OpenBSD


#1

Has anyone had the courage to try it? I’ve been intrigued by its focus on code correctness, security, standardization, and portability. I may give it a shot one day. I’ve read it isn’t difficult to install and get running. I just worry that WiFi will be a pain point, but it does look like OpenBSD has the drivers for iwlwifi.


#2

I’ve tried it briefly. Never longer than an hour or two.


#3

Installed to hardware or in a VM? Experience installing and using?


#4

I always install on hardware. Install was easy enough. Not sure why it isn’t more popular.


#5
Puffy:~$ uname -a 
OpenBSD Puffy.lan 6.3 GENERIC.MP#51 amd64
Puffy:~$

It’s my favourite operating system :slight_smile:

Installation is very easy, full instructions here:

https://fastly.cdn.openbsd.org/pub/OpenBSD/snapshots/amd64/INSTALL.amd64

You will however need a wired connection or a wireless device that requires no non-free firmware for the installation process — any required firmware is added automatically at the first boot or manually with fw_update(1).

I would recommend running -current and updating from snapshots because -stable doesn’t receive binary updates for the ports tree (third-party software such as Chromium).

The most excellent FAQ covers just about everything else:

https://www.openbsd.org/faq/index.html

The OpenBSD devs have just disabled hyper-threading by default because they think that Intel’s method is almost certainly exposing multiple Spectre/Meltdown style vulnerabilities:

https://marc.info/?l=openbsd-tech&m=152949636730221&w=2

And there is also the small matter of the FPU vulnerabilities that Intel and the Linux community were keeping secret from the world that OpenBSD discovered independently and released the information immediately, thus ending the secret embargo:

https://undeadly.org/cgi?action=article;sid=20180614064341

I prefer running an operating system that does not hide vulnerabilities…


#6

They do have a great mascot :smiley:
I will try freebsd one day, probably in september when i’ll have more time to mess around.
How hard is it to switch from linux to bsd ?


#7

Pretty easy, they’re both Unix-like so work in a similar fashion.

GRUB can chainload the BSD bootloaders so dual-booting is simple enough:

https://www.openbsd.org/faq/faq4.html#Multibooting

Just be sure to either leave some free space on the disk (msdos partition tables will default to non-UEFI, GPT disks will be installed in UEFI mode) or create a new partition for OpenBSD in fdsik or gdisk with the OpenBSD partition (disklabel) type, the installer will then offer an option to use this space.


#8

I am truly inspired to give OpenBSD the old college try. But, I only have Intel WiFi on my laptop, no ethernet port, and I can’t try it on my desktop because that’s the family computer and prefer to leave it with ArchLabs. :slightly_smiling_face:


#9

The trick there is to install a full base system using the install63.fs image then download your firmware from here (using another operating system):

http://firmware.openbsd.org/firmware/snapshots/

I think you need either iwm- or iwn-firmware for your card, copy it onto a FAT-formatted USB stick and mount this under OpenBSD with:

doas mount -t msdos /dev/sd1i /mnt

^ This assumes only one main drive (assigned to /dev/sd0), correct if needed.

And install the firmware with:

doas pkg_add --allow-untrusted /mnt/iw{m,n}-firmware*.tgz

You should then have an iwn0 or iwm0 wireless interface upon the next reboot :wink:


#10

Thanks @Head_on_a_Stick! It’s people like you that make the OSS community such a pleasure to be a part of. You selflessly gave me a ton of information to help me out. You’re a true gentleman and a scholar, sir. I tip my hat to you.


#11

Using it in dual boot with Archlabs, like it’s simplicity. Working on reproducing job related web development setup with linux vm under vmm. All hardware working. Almost everything i need in base setup.

Here OpenBSD, cwm, tmux, iridium browser, vmctl and alpine linux in vm.


#12

I am not that strong with linux, but was attracted to BSD since it does sound good. I made several installs on my machine, openbsd, dragonfly, and others. I never really got it to do all the things I need like printing. Had problems with the package management and quite a few packages seemed to be unmaintained. BSD has an impressive set of documentation, but it didn’t always seem to apply to the latest distribution even though I used the stable versions. I guess I just wasn’t up to the task.

I felt lucky to find AL which seems to be very straight-forward for an Arch distribution; everything I need seems to work well. It sounds like others have had more success with BSD than I did, but I guess it was just too much of a change for me.


#13

I think OpenBSD is compelling if you are at all concerned with clarity and security. FreeBSD if you want the best ZFS experience available. I use to use the heck out of FreeBSD around 07’ and 08’

You’re right if you need hardware support and conveniences then a GNU/Linux rig is the place to be. That’s why I use it.


#14

I’ve tested a few BSDs, they are all very similar, much like Linux.
BSD is not for the faint of heart. It’s a tad more ‘difficult’ than Linux. Setting-up your hardware may be a challenge, but on the other hand, once you learn the command line in BSD you’ll keep it for life, as opposed to Linux that keeps changing (evolving?). For example, a couple of years ago, you used the command ifconfig to check your network connection details in Linux, now you don’t. It changed. In BSD, it stays the same… forever. It has its downsides, but it’s mostly an advantage if you’re setting and maintaining a server for example. I’ve used OpenBSD and FreeBSD for my main OS for a couple of years, and although it took a while to setup (more than the comprehensive Gentoo install), it was stable as a horse (get it? stable - horse… :see_no_evil:) and it never required any maintenance and never ever crashed. I highly recommend it. :slight_smile: Good luck!
P.S.: Now that i’ve said all this, i need to setup a box with FreeBSD. I hate myself.


#15

The webpage for the 6.4 release is up now:

https://www.openbsd.org/64.html

The date on the page says 2018-11-01 but they tend to be pessimistic and I have to use pkg_add -D snap -u to update my ports so the release must be imminent.

EDIT: just to give an idea of the commitment of the OpenBSD devs: this release disables SMT by default and so will cripple the vast majority of modern, x86-based processors but the devs think it is worthwhile because of the horrible vulnerabilities introduced by the multi-threading technology.

I don’t think many Linux distributions would do that…


#16

But… Let’s not forget the songs they release with each release :wink:


#17

They haven’t had any release songs since the CDs stopped :frowning:

The last one was for the 6.1 release (Winter of '95) but nothing since — the 6.4 page just says


#18

I might be wrong here, but if you talking about spectre, doesn’t it require a physical access in the first place to use it?
Is it worth it to slow down all the processors just for the sake of protecting some “minor” cases ?


#19

yeah - that looks like they skipped last Octobers release.


#20

The tlbleed vulnerabilities are of the same class as Spectre, yes.

The devs have added a sysctl knob so it can be easily toggled:

Puffy:~$ sysctl hw.smt        
hw.smt=0
Puffy:~$ top -d1 | sed 6q     
load averages:  0.27,  0.31,  0.24    Puffy.lan 18:25:53
58 processes: 57 idle, 1 on processor  up  1:23
CPU0 states:  4.0% user,  0.5% nice,  3.0% sys,  0.6% spin,  0.5% intr, 91.3% idle
CPU1 states:     - user,     - nice,     - sys,     - spin,     - intr,     - idle
CPU2 states:  4.0% user,  0.5% nice,  3.3% sys,  0.8% spin,  0.0% intr, 91.5% idle
CPU3 states:     - user,     - nice,     - sys,     - spin,     - intr,     - idle
Puffy:~$ doas sysctl hw.smt=1 
hw.smt: 0 -> 1
Puffy:~$ top -d1 | sed 6q     
load averages:  0.23,  0.29,  0.24    Puffy.lan 18:26:01
58 processes: 57 idle, 1 on processor  up  1:24
CPU0 states:  4.0% user,  0.5% nice,  3.0% sys,  0.6% spin,  0.5% intr, 91.3% idle
CPU1 states:  0.0% user,  0.0% nice,  0.0% sys,  0.0% spin,  0.0% intr,  100% idle
CPU2 states:  4.0% user,  0.5% nice,  3.2% sys,  0.8% spin,  0.0% intr, 91.5% idle
CPU3 states:  0.0% user,  0.0% nice,  0.0% sys,  0.0% spin,  0.0% intr,  100% idle
Puffy:~$

And anyway the performance hit isn’t actually that noticeable because most of OpenBSD’s kernel is still giant-locked, one post to @misc suggested that some programs may even run faster with SMT disabled (not Blender though, in my experience).

The operating system is supposed to be supplied “secure by default” and Theo’s commit on the mailing lists makes it clear how serious they think this fault is:

https://marc.info/?l=openbsd-cvs&m=152943660103446&w=2

EDIT: also, disabling SMT is an emergency method being employed to “plug the hole” until the developers can update the scheduler to accommodate the hardware defects.