OpenBSD as base for User / Desktop workstation?

Contributed by jose on 2004-01-11 from the everyday-use dept.

A Linux User writes: "The OpenBSD site claims:
"Only one remote hole in the default install, in more than 7 years!"
SuSE (& other Linux products) are still showing lengthy streams of [repaired] vulnerabilities, every month.
So, why hasn't the penny dropped & folks [re-]start dev't of an Open Source op sys for the User / Desktop on a base of OpenBSD?
Links to debate(s) on this issue or spin-off's of OpenBSD that are attempting this welcome.

TIA"

(Comments are closed)

Comments

By Alexander Guy () alexander.guy@andern.org on 2004-01-11 13:05 mailto:alexander.guy@andern.org
By Alexander Guy () alexander.guy@andern.org on 2004-01-11 13:15 mailto:alexander.guy@andern.org

The reason Linux is used as a base is similar to the reason people still tolerate Windows. If you look at Linux's support for random-ass hardware (I don't mean your VAX.. I mean half the shit that comes out of Fry's) and software, it beats out OpenBSD in most (all?) cases.

On the hardware front, OpenBSD (and the BSDes in general) usually have more full-featured implementations, but the breadth of device support is smaller than Linux (go buy a random USB->RS232C adapter, and I'm sure it'll have Linux support while BSD support is almost non-existent).

As far as software goes, Linux tends to be the platform people are writing it for, so things get skewed in that direction, usually by sloppy or inexperienced programmers (overuse of /proc for instance) or by people who just don't care.

I think it just boils down to a path of least resistance problem.
Comments
1. By Aernoudt () aernoudt at bottemanne . net on 2004-01-11 14:23 www.bottemanne.net
  
  You start of nice, but end a bit less. Linux hardware support is indeed much better, and also there is so much choice in (desktop) software.
  
  But I dot agree on your fingerpoint that every linux developer is a bad one; come on we're past that !
  
  Extending our ports collection with some more tools for the desktop user would help, just as much as having java (like it or not) on our desktop.
  
  You may not agree with me here, but I think that what we (*BSD and linux) lack most is a decent browser to compete IE, and not having to move to Apple's hardware + OS ... With most webpages being compiled for IE, bringing lot's of annoyance to non-IE users, this is the number 1 issue for big-time desktop usage (followed by Office interoperability)
  Comments
  1. By Josh () selerius@codefusion.org on 2004-01-11 15:14 codefusion.org
    
    ports/www/mozilla
    ports/www/mozilla-firebird
    ports/www/opera
    ports/www/dillo
    ports/www/netscape
    
    a) openbsd is not competing with any OS other than itself
    b) read the list above, and then tell me that openbsd doesn't have a decent browser.
    c) what tools on the desktop do you mean? we have KDE/GNOME/XMMS/INSERT_WINDOW_MANAGER_HERE/GAIM/XCHAT/ETC. and the list goes on...
    d) if there is something we don't have, why not write a port for it? see http://www.openbsd.org/porting.html
    
    Comments
    
    By Anonymous Coward () on 2004-01-11 15:37
    
    The "performance-increase" port would be nice.
    
    Comments
    
    By Josh () selerius@codefusion.org on 2004-01-11 15:40 http://codefusion.org
    
    don't beat a dead horse...
    
    the problem with that statement is I don't see "performance" anywhere mentioned at http://www.openbsd.org/goals.html
    
    You can also look at http://www.schubert.cx/openbsd/scale-tests/
    
    Comments
    
    By Anthony () on 2004-01-11 17:08
    
    OpenBSD's stated goals conflict with what one might expect from a desktop OS. eg, a scheduler that would improve performance with interactive stuff won't be included because there would be a lot of extra complexity without any benefits to security or stability.
    
    Linux or FreeBSD (or whatever) on the desktop, OpenBSD on the firewall. Where's the problem?
    
    Comments
    
    By tedu () on 2004-01-11 17:33
    
    there's no reason why a new scheduler can't be included because of some security goal.
    
    a more accurate assessment would be "nobody has written a new better scheduler for openbsd". and personally, i haven't noticed a problem with the scheduler, so i'm not likely to write a new one.
    
    Comments
    
    By Bruno Roh�e () bruno@rohee.com on 2004-01-12 09:20 mailto:bruno@rohee.com
    
    Well, try to watch a movie during a make build , there will be some glitches. It's bearable but could use some tweaking...
    
    By Anonymous Coward () on 2004-01-11 18:24
    
    That's why there's "port" in the sentence. Thanks for the link.
    
    By Anonymous Coward () on 2004-01-11 16:52
    
    It's all about security vs performance, which one do you prefer ?
    Honestly i prefer a server that is secure and slower than a high performance server which is exploited each month ...
    
    By Peter Hessler () spambox@theapt.org on 2004-01-13 00:44 http://www.theapt.org
    
    ports/www/mozilla
    The world is not i386
    ports/www/mozilla-firebird
    The world is not i386
    ports/www/opera
    The world is not i386
    ports/www/dillo
    doesn't do frames, tables (very well), animated gifs, etc, etc
    ports/www/netscape
    The world is not i386
    
    Comments
    
    By Anonymous Coward () on 2004-01-13 11:54
    
    the desktop-users-wishing-to-have-good-os world is almost all i386 :-))
    
    By Anonymous Coward () on 2004-01-13 14:09
    
    Hey you forgot ports/www/links+, start it with "links -g"
    
    By Anonymous Coward () on 2004-01-23 19:17
    
    ports/www/mozilla-firebird The world is not i386 This port works fine on my sparc64 machine. You must be on one of the four platforms the port doesn't support (powerpc, hppa, m68k, vax). Of those four, I'd only expect powerpc to be supported, the rest are all ancient (in technology terms) platforms.
    
    By Aernoudt () aernoudt at bottemanne . net on 2004-01-13 16:24 www.bottemanne.net
    
    Perhaps you missed a line in my posting: most website arre compiled specifically for IE; as such they do not always display nice, that is quite annoying. Therefore Netscape or Mozila (slow....) do not work as they are not IE compliant.
    
    Dillo and others are not even near the stage of being usable except for some specific sites.
    
    Opera same. What we need is either having all websites build decently after the W3C standards, but I'd rather not wait for that to happen, or have access to MSFT IE on OpenBSD
    
    Comments
    
    By Anonymous Coward () on 2004-01-13 16:59
    
    If you're that dependant on badly designed websites, well, maybe you should consider using Windows, or Linux. There's no one saying that you have to use OpenBSD for everything. Just use the right tool for the right job, and if that tool happens to be MS Windows with IE, well, then that is what you should use.
    
    By Anonymous Coward () on 2004-01-13 18:59
    
    I don't see your second option as valid. OpenBSD is (partly) about following standards so importing the most broken browser available to anything but MS platforms is nonsensical.
    
    By vrtsdaemon () vrtsdaemon@yahoo.com on 2004-01-26 15:48 doibaothu.vze.com
    
    most website arre compiled specifically for IE; as such they do not always display nice, that is quite annoying. Therefore Netscape or Mozila (slow....) do not work as they are not IE compliant. I don't think I've been to a website ever that hasn't worked in Mozilla (Firebird). And Mozilla is slow? I mean sure, it doesn't compare to Dillo, but I wouldn't say Dillo is as good a browser as Mozilla (for my purposes at least). The loading time for Mozilla is a tad long, but I can deal with it once it's up and running.
2. By Wim Vandeputte () wim@kd85.com on 2004-01-12 07:03 http://soekris.kd85.com
  
  Actually I've found that the USB support under BSD is a lot smoother than under other platforms I've been forced to use, including Linux.
  
  And that includes random USB->RS232C adapters :-)
  
  Jan 12 02:02:15 xatu /bsd: umass0: SCM Microsystems Inc. eUSB CompactFlash Adapter, rev 1.10/2.18, addr 2
  Jan 12 02:02:15 xatu /bsd: umass0: using SCSI over Bulk-Only
  Jan 12 02:02:17 xatu /bsd: scsibus0 at umass0: 2 targets
  Jan 12 02:02:18 xatu /bsd: sd0 at scsibus0 targ 1 lun 0: SCSI2 0/direct removable
  Jan 12 02:02:18 xatu /bsd: sd0: 31MB, 31 cyl, 64 head, 32 sec, 512 bytes/sec, 63488 sec total
  Jan 12 02:03:40 xatu /bsd: umass0: at uhub0 port 2 (addr 2) disconnected
  Jan 12 02:03:40 xatu /bsd: sd0 detached
  Jan 12 02:03:40 xatu /bsd: scsibus0 detached
  Jan 12 02:03:40 xatu /bsd: umass0 detached
  Jan 12 02:03:58 xatu /bsd: uplcom0 at uhub0 port 2
  Jan 12 02:03:58 xatu /bsd: uplcom0: Prolific Technology PL2303 Serial adapter, rev 1.10/2.02, addr 2
  Jan 12 02:03:58 xatu /bsd: ucom0 at uplcom0
  Comments
  1. By Alexander Guy () alexander.guy@andern.org on 2004-01-13 14:04 mailto:alexander.guy@andern.org
    
    Haha, please.. Wim don't try to tell me you went and bought a 'random' RS232C adapter without looking at uplcom's support. ;) When the device is supported, I've found OBSD's USB support to feel way more sane than most other OSes.
    
    I didn't put up a disclaimer on my first post,.. but I'm not knocking OpenBSD as a desktop OS. It's my first choice, but I'm not in denial over what isn't implemented/isn't a priority.
  2. By Dale P. Smith () on 2004-01-13 16:27
    
    I've found (in my personal experience) that OpenBSD supports more hardware out of the box than anything else. It seems I always have to do a lot of tweaking and configuring (and sometimes rebuilding a kernel) on Linux. I usually have to build a kernel on FreeBSD too.
    
    When I get a strange box with unknown hardware, I usually boot OpenBSD on it to see what is detected.
By Anonymous Coward () on 2004-01-11 14:51

I think OpenBSD is great as a desktop OS. I use it every day.

But I do _not_ want OpenBSD to become as Linux, with dozens of dummy-proof GUI tools that keep you away from what's really happening. The _lack_ of these mind-numbing things is one of the reasons I chose OpenBSD to begin with, so let's keep it that way.
Linux is a great desktop OS too, but it's just meant for another type of users.
Comments
1. By Anonymous Coward () on 2004-01-11 14:57
  
  Personally, I couldn't agree with you more!
2. By armus () armus@college.it on 2004-01-11 15:17 mailto:armus@college.it
  
  I am a Linux user, but I could switch to OBSD if it come with a powerfull gui like KDE 3.2 (soon to come), and with me many more lnx-users.
  Comments
  1. By Josh () selerius@codefusion.org on 2004-01-11 15:28 codefusion.org
    
    cd /usr/ports/x11/kde && make install
    
    This will install KDE 3.1.3 (on the -stable branch) and 3.1.4 (on the -current branch).
    
    see http://www.openbsd.org/ports.html for more information...you can also install KDE from the packages collection which is included on the CDROM or most any of the ftp/http/etc. mirror servers.
  2. By Anonymous Coward () on 2004-01-11 15:30
    
    The point is: no one cares that linux users could migrate to obsd when $FOO.
    The developers just want to make a secure and stable system.
    
    Comments
    
    By Josh () selerius@codefusion.org on 2004-01-11 15:36 http://codefusion.org
    
    Education my dear anonymous coward, education.
    
    I agree with your statement. However, it doesnt hurt to inform someone who has an incorrect perception (for example, KDE not working) of openbsd, that things are different than they percieve.
    
    I am sure even a few of openbsd's developers didn't start out using OpenBSD, yet migrated from a different system...who know's they may even have had the same type of problem as the person above...until someone informed them otherwise that is.
By asdfg () on 2004-01-11 16:27

I'm slowly switching from a Linux desktop to an OpenBSD one. Right now, I'm happily running OpenBSD 3.4 as a desktop (on a laptop). I have to tell you, it's absolutely beautiful. This is what I've got right now:

- KDE 3.1.3
- Anti-aliased TrueType fonts (rendered with Freetype 2.1.6)
- Mozilla Firebird with XFT (from schubert.cx, thanks Schubert!)
- Mozilla Thunderbird with XFT (thanks again Schubert!)
- Acrobat Reader
- xmms
- gaim works too (from ports), but it's an old version (0.67) and I'm not using it actively.
- Other miscellaneous stuff, which don't really use a GUI, so it probably doesn't count as "desktop stuff") e.g. vim, irssi, LaTeX, etc.

At the same time, I have not totally switched over from Linux to OpenBSD yet. Why? I would do that, totally, if the following apps did run on OpenBSD (if you have information that they do, and/or have instructions, please let me know):

- Crossover Office.* (see note below)
- Crossover Plugin. This one gives you access to QuickTime, Shockwave, Windows Media Player, etc. on your browser.
- Flash plugin for Firebird.
- RealPlayer.
- Java 1.4.x and Java plugin.

* Sure, there's OpenOffice.org, Abiword, and KOffice. But if you have ever used Crossover Office on Linux, you'll wonder how you ever managed to survive without it. Opens Office docs, etc. without blinking an eye (after all, it's MSOffice emulated on Linux). Plus, you can run Photoshop, IE (for testing websites), Flash MX, Visio, and a whole bunch o' other things. Best of all, it's so easy to install any of these apps (no need to tinker with wine, etc.). Someone has got Crossover partially supported on NetBSD (http://www.duh.org/cxoffice/). I wonder how much effort it would take to replicate that on OpenBSD. Developers, any ideas? I might give it a shot, but knowing my coding skills, it'll probably take me a year. :)

Well those are my 2 cents.
Comments
1. By Anonymous Coward () on 2004-01-11 23:47
  
  I agree.
  
  What OpenBSd lacks also is Vmware. I would like to run WinXP in OpenBSD. Does anybody already has success stories ?
  Comments
  1. By Anonymous Coward () on 2004-01-12 12:20
    
    There is a vmware port floating around, I would bet a "search engine" could search the web for you and find it.
2. By mirabile () mirabile@bsdcow.net on 2004-01-12 03:07 http://mirbsd.de/
  
  I've committed the ports of realplayer-linux
  (working well) and vmware (seems to start, but
  got no positive feedback yet), and also does
  sunjdk-1.3.1 work in "classic" (green threads)
  mode, and 1.4.1 would do that too if a green
  threads VM would exist.
  As for xover office, I've made a port myself,
  looking over to NetBSD, but we are currently
  lacking some linuxulator syscalls, so that it
  fails.
  Comments
  1. By Anonymous Coward () on 2004-01-12 07:16
    
    NetBSD made some changes to support jdk1.4.2 too and you can use blackdown-jdk1.3.1 and set JAVA_COMPILER=sunwjit... Better than nothing.
    Btw newer kaffe seems can run apps like tomcat and jboss, worth a look at.
  2. By Anonymous Coward () on 2004-01-12 22:37
    
    Do you have your work on cxoffice posted online somewhere? I would be interested to take a look.
    
    Would be interested in both VMware and Realplayer too.
3. By Anonymous Coward () on 2004-01-14 08:39
  
  The linux realplayer works just fine.
  Install the redhat_base package, set
  sysctl linux.compat to 1, grab realplayer 8,
  and off it goes. Works just fine.
  
  Additionnally, mplayer is able to play a lot
  of realplayer videos too. Not realplayer 4, though.
4. By Anonymous Coward () on 2004-01-15 17:36
  
  Tell those at codeweavers (those who write/support Crossover) that you want OpenBSD support! I tell my friend there every time I see him, but I can't test on a regular enough basis to help them out.
  
  At least one of Codeweavers' developers really wants to work on an OBSD version. Give them incentive, and they'll do it!
  
  (www.codeweavers.com)
By Ian McWilliam () i dot mcwilliam at cit.uws.edu.au on 2004-01-11 17:10 mailto:i dot mcwilliam at cit.uws.edu.au

OpenBSD sufferes from Tall poppy syndrome. Just look at how the world reacts when security problems are found. Says it all.
Comments
1. By djm () on 2004-01-11 22:20
  
  I'm happy that people consider OpenBSD to be the most prestigous target when looking for vulnerabilities. The sanctimonous howling that we must tolerate when they find them is annoying, but tolerable.
  
  Better to be flamed that mediocre.
  Comments
  1. By Anonymous Coward () on 2004-01-12 08:44
    
    Tall Poppy Syndrome - love that, very descriptive
    
    > Better to be flamed that mediocre
    
    Yes, yes and yes. The two posts that are parents to this sum up the right way to deal with the disgusting flaming that happens when security issues are found.
By Anonymous Coward () on 2004-01-11 17:27

I use OpenBSD on my router/firewall because it's secure, stable, and well documented*. My file server runs FreeBSD because it's stable and well documented*. My desktop runs Linux (Gentoo, not some point-and-click distro like Mandrake) because it supports all my software and hardware. Sometimes I even run...gasp...Windows on my laptop to interface with lab equipment.

*By well documented, I mean, for example the pf documentation at openbsd.org, or the vinum documentation in the FreeBSD manual. With BSD, I know exactly where the documentations is, and I can be sure it's correct for the current version.
Comments
1. By sandolo () sandman@mufhd0.net on 2004-01-12 09:14 http://autistici.org/sandolo/
  
  This is the only good comment I've seen on this page...
  Yes, in the perfect world, OpenBSD with only one bug (with security as a goal) in the DEFAULT install (do you use linux with a *default* installation for your desktop? I don't think so.) would be a secure desktop workstation, but... what about the performance? and what about hardware support? And licenses????
  In the end... who care... we use what we like :)
2. By teemu () on 2004-01-16 09:57
  
  source distros suck .. use rocklinux and be a
  man;
  
  I use OpenBSD for everything (coding, surfing, mailing, chatting, firewalling)..
By erik () on 2004-01-11 17:56

Whenever the full support linux has for the desktop, combined with the speed I will switch.

Currently I miss smp ao and, frankly, does one really need the security of OpenBSD behind an OpenBSD firewall, without other users, or with very strict user policies in place?
Comments
1. By Josh () selerius@codefusion.org on 2004-01-11 18:12 http://codefusion.org
  
  thats like asking if you really need to wear your seat/safety belt when driving your car. After all, there are speed limits and road signs, as well as police to enforce the laws of the road.
  
  I personally will continue to wear my seat/safety belt.
By Anonymous Coward () on 2004-01-11 18:32

SuSE (& other Linux products) are still showing lengthy streams of [repaired] vulnerabilities, every month.

These vulnerabilities apply to the same apps if they're installed in OpenBSD, too. Just because you installed it from ports doesn't mean it isn't vulnerable. If you compare kernel and base OS vulnerabilities, you'll find Linux has had far fewer than OpenBSD in the recent past.
Comments
1. By Anonymous Coward () on 2004-01-11 21:59
  
  Right...
  
  And where did you learn math?
2. By my name here () on 2004-01-11 22:18
  
  And how did you do this comparison of kernel vulnerabilities? It's true that both OpenBSD and Linux systems have local vulnerabilities via their kernels, but it's wrong to just say that one has more without offering your evidence.
  
  As for apps, I totally agree with you. If you do the following to your Linux desktop:
  
  1. Set up an iptables rulset to protect the OS
  2. Disable or keep up with OpenSSH and patches
  
  your desktop will be as secure from remote vulnerabilities as a similarly set up OpenBSD workstation
  
  The remote vulnerabilities in OpenBSD all come from ports, except for the OpenSSH bug identified and fixed a long time ago.
3. By Anonymous Coward () on 2004-01-11 23:30
  
  Define "base OS" and maybe your comment can be evaluated.
  
  As for the linux kernel, how long was 2.6 out before a local root vulnerability was discovered?
  
  Just *look* at some of the kernel attention OpenBSD has gotten -- W^X for example. This is the sort of thing that a mass-market OS is absolutely begging for, but because of the comparatively ignorant user community, lacks. Thanks to this type of feature, there are entire classes of kernel vulnerability which Linux is doomed to suffer, and which OpenBSD on identical hardware either cannot possibly have (sparc) or is much much less likely to have (i386).
  
  Linux...feh.
  Comments
  1. By Anonymous Coward () on 2004-01-12 06:25
    
    Just *look* at some of the kernel attention OpenBSD has gotten -- W^X for example. This is the sort of thing that a mass-market OS is absolutely begging for, but because of the comparatively ignorant user community, lacks. Thanks to this type of feature, there are entire classes of kernel vulnerability which Linux is doomed to suffer, and which OpenBSD on identical hardware either cannot possibly have (sparc) or is much much less likely to have (i386).
    I'm definitely no expert at this, but AFAIR w^x protection and many other things were available for Linux long before OpenBSD adapted some of these techniques. They're just not part of the vanilla kernel but available as third party mega-patches, by the grsecurity and openwall projects for instance.
    And I definitely remember that before w^x, OpenBSD advocation went along the lines that OpenBSD doesn't need these kind of things because it offers cleanly written code with strong emphasis on security and correctness. Advocators believed in code that is free of errors in the first place, rather than patching dubious code with even more dubious patches. And they also claimed that the mega-patches for Linux did nothing important other than making the kernel unstable.
    I find it kind of funny that now that OpenBSD finally has w^x many advocators seem to have changed their minds by 180 degress. :-)
    
    Comments
    
    By Anonymous Coward () on 2004-01-12 11:34
    
    I'm definitely no expert at this, but AFAIR w^x protection and many other things were available for Linux long before OpenBSD adapted some of these techniques.
    
    references? URLs?
    
    And I definitely remember that before w^x, OpenBSD advocation went along the lines that OpenBSD doesn't need these kind of things
    
    Again, references? URLs?
    
    I find it kind of funny that now that OpenBSD finally has w^x many advocators seem to have changed their minds by 180 degress.
    
    Unless you can provide some kind of references, I am afraid not a lot of people will take your assertions seriously...
    
    Comments
    
    By Anonymous Coward () on 2004-01-13 11:53
    
    I'm definitely no expert at this, but AFAIR w^x protection and many other things were available for Linux long before OpenBSD adapted some of these techniques.
    
    references? URLs?
    
    There was an interesting discussion on the bugtraq mailing list that took place in 2003-08 titled "Buffer overflow prevention". The effectiveness of different techniques (and combination of techniques) including but not limited to the ones used in OpenBSD today are being discussed. And there is a little bit of information about the chronological order in which the projects started and evolved.
    
    For example, Theo de Raadt said "I have made it clear many times that W^X inside OpenBSD came into being without me even being aware of PAX."
    
    And I definitely remember that before w^x, OpenBSD advocation went along the lines that OpenBSD doesn't need these kind of things
    
    Again, references? URLs?
    
    No URLs here because I don't think there is something like an authorative voice in this case because its all about opinion.
  2. By Anonymous Coward () on 2004-01-12 08:42
    
    W^X is in the kernel? Last I heard it was userland only...
By pravus () on 2004-01-11 22:12

for me personally it comes down to support for the applications i need to run. the one big one being VMWare. unfortunately, i'm locked into a job that requires running proprietary software that only runs on Windows (and it almost doesn't do that). with VMWare's full support of Linux, i've been able to successfully run Linux as the main desktop OS, while still being able to run the software i need to perform my job.

it if weren't for this and a couple of other minor factors i could probably live without, i'd be running OpenBSD on all my hardware. as it stands, i've only got Linux running on two of my nine machines.

i guess it all comes down to the right tool for the job. and right now, OpenBSD just doesn't quite fill all the gaps. of course, that's not necessarily a bad thing.
Comments
1. By Anonymous Coward () on 2004-01-12 12:23
  
  As long as vmware 3 is good enough, then it works fine.
2. By Anonymous Coward () on 2004-01-12 02:25
  
  Have you tried faumachine?
  
  http://www.faumachine.org/
  
  Hopefully the OpenBSD port of it is nearly complete.
  Comments
  1. By Anonymous Coward () on 2004-01-12 07:40
    
    Hum... Does WinXP will run in a faumachine ?
By Anonymous Coward () on 2004-01-12 06:01

The OpenBSD site claims: "Only one remote hole in the default install, in more than 7 years!" SuSE (& other Linux products) are still showing lengthy streams of [repaired] vulnerabilities, every month. :-( Why doesn't anybody seem to understand the meaning of "remote hole in the default install"? Gentoo has had 0 remote holes in the default install and will have had 0 remote holes in 10 years because in contrast to OpenBSD it has 0 listening ports in the default install.
Comments
1. By Wim Vandeputte () on 2004-01-12 06:28
  
  No offense to your argument, but OpenBSD tries to ship a *usuable* system.
  
  By disabling all listening ports, first thing people do after installing a system is enabling a whole lot of stuff themselves. I'm not claiming you should have the redhat approach by enabling *everything* by default, but having nothing switched on is a bit barebone.
  
  it's not the first time I've installed a system and had no morre access after rebooting the first time (serial console comes to mind). Having SSH to log in is a bit of a minimum to bootstrap.
2. By Anonymous Coward () on 2004-01-12 18:35
  
  Unfortunately, that claim is a relic of a time when most systems where *very* insecure by *default*, more so than now; remotely, and locally. That period in time was the driving motivation to create a operating system with security in mind; OpenBSD was the result.
  
  The claim is now irrelevant for the sole reason that OpenSSH should not be enabled by default, but an option to be enabled during installation; just like the option of enabling network connectivity. I can not think of why it should be the default and I welcome suggestions that hightlight the need to have OpenSSH enabled by default.
  
  What was impressive by OpenBSD, and still relevant today, is 4 years(if I remember correctly) without a local hole in the default install. That stretch highlights the correctness and superiority of OpenBSD, or the lack of interest by the Open Source community in OpenBSD during that 4 year period.
  Comments
  1. By tedu () on 2004-01-12 20:46
    
    i think you should install a snapshot and pay attention to the "do you want to enable sshd?" question.
    
    Comments
    
    By Anonymous Coward () on 2004-01-13 03:51
    
    yeah - I noticed that installing snapshots.
    
    this is a nice piece of detail that I was very happy to see in the install.
    
    and yes, I was installing a desktop machine, so I didn't want the daemon.
    
    Something else I've noticed is that the afterboot manpage is maturing into a really nice document - just one more thing I really like about OpenBSD!
    
    I must agree with other posters though - choosing OpenBSD really comes down to choosing a tool you are comfortable and happy with.
    
    I'm really not overly concerned with the majority of issues raised in many of the posts in this discussion - for my needs, OpenBSD is perfect.
    
    By Anonymous Coward () on 2004-01-13 13:18
    
    "i think you should install a snapshot and pay attention to the "do you want to enable sshd?" question."
    
    Thanks for the suggestion, but the topic was *default* behaviour, not random points in the operating systems life.
    
    Comments
    
    By tedu () on 2004-01-13 15:16
    
    i interpreted "should be an option" as a request for a change that's already been made.
By Anonymous Coward () on 2004-01-13 08:22

Keeping in mind the excellent security, is it really worth sacrificing that feature which seems to be less common every day; for a nice desktop system. In a perfect world we could have that, but with all those extra features comes all those extra holes that you have to worry about. I would love to help out with an OBSD desktop and would gladly offer what knowledge I have to help, but I just don't see anyone willing to take that security risk...

Maybe i'm just paranoid...
By elaine () on 2004-01-13 13:55

I love(d) it, it's a bit slower than Linux but imx far more stable and 99% of what I needed ran perfectly. (Took awhile to get Mozilla going and Mplayer dvd support used to be wonky but I don't normally want to view DVDs on the laptop anyway.
However.
from v 3.1 -> 3.2 cvs my preferred WM (enlightnement) *always* had problems with shared memory on obsd. I tried a fresh install of 3.4 recently and experienced the same damned problem. Window borders run out of color planes and eventually become unreadable. Never figured out what it was and never got a reply on the ML's when I asked what was up about it.
So I'm back to Linux. I don't like it as well for a number of reasons but being unable to read / see info on iconified windows just isn't tolerable. Stupid little thing but as E is what I've found I'm most productive with, it's a killer.
Comments
1. By djm () on 2004-01-13 21:06
  
  Try increasing the shared memory limits with sysctl. The defaults are fairly low, though they have recently been increased in -current IIRC.
  Comments
  1. By elaine () on 2004-01-13 22:52
    
    Hmm ok I'll do that. Because a lot of other things use shm and don't seem to have problems I had not figured that this was the issue, but clearly it also might be. I'll give it a go, thanks.
By Marc Balmer () marc@msys.ch on 2004-01-14 17:01 http://www.msys.ch/

We use OpenBSD as our server and desktop operating system for more than one year now. We use Gnome as a desktop environment and X Terminals. It's a perfect IT environment for the demanding professional.
Comments
1. By Raymond Morsman () raymond@dyn.org on 2004-01-15 04:58 http://www.openminds.nl
  
  I've played with Gnome and OpenBSD last year. I wasn't very impressed. It looked very chunkey and somehow anti-aliasing wasn't enabled (default packages).
  
  KDE looked great though!
  
  Have you've got a workaround to get Flash 6.0 working with Mozilla?

Latest Articles

Thu, Apr 18
- 05:05 Coming soon to a -current system near you: parallel raw IP input (0)
Wed, Apr 17
- 05:33 In -current, default write format for tar(1) changed to "pax" (8)
Wed, Apr 10
- 18:50 OpenSMTPD 7.5.0p0 Released (2)
Tue, Apr 09
- 04:49 20 years since "and we're just starting": undeadly.org turns 20 (2024-04-09) (13)
Fri, Apr 05
- 06:16 OpenBSD 7.5 released (2)
Thu, Mar 28
- 18:18 LibreSSL 3.8.4 and 3.9.1 released (0)
Tue, Mar 12
- 06:53 OpenSSH 9.7/9.7p1 released! (0)
Mon, Mar 11
- 11:28 Game of Trees 0.97 released (0)
Sun, Mar 10
- 09:06 LibreSSL versions 3.8.3 and 3.9.0 released (0)

Credits

Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]