The 'beast' as I call it, is a desktop Linux system, nvidia, SSD, powerful CPU loads of ram etc. that the rest of the family use as a windows style system (menu's/desktop etc.). Within that I have a kvm/qemu virtual disk into which OpenBSD is installed, along with firefox, libreoffice ...etc. that I vnc into from my laptop that is also running OpenBSD plus just tigervnc. The beast runs OpenBSD/firefox/libreoffice very quickly, even though its a qemu/virtual 'box' and pumps the screens/sound to my laptop. I don't tend to use X forwarding as that's more sluggish if watching youtubes and vnc into a virtual box means that the sound is totally separate, other family members can be using the beast as normal, chrome watching youtubes/playing games/whatever whilst I can be using firefox to watch different youtubes/whatever.

For instance at present my latop screen is running tmux that I have sensors showing and connections to a remote ssh server in which there's mail and IRC running, the 1920x1080 monitor attached to the laptop via HDMI is vnc'd into beast and where I have firefox running with this tab, and another tab that is playing a miss monique youtube, so being on this tab writing this post I hear the music and its using around 32Kbit of LAN bandwidth as I have ssh between the laptop and beast with no compression and vnc is set to use low compression (so screens are quick and sound is clear). If I switch to the youtube tab the bandwidth use increases to around 15Mbit with the youtube around a quarter of screen size. At full screen the bandwidth usage increases to 24Mbit. That's with tigervnc viewer set to Tight compression, low compression/fast settings. jpeg has also been installed on the laptop and I have that enabled and set to a lowish quality that is still OK for me, if I want to I just increase that on the fly to high quality whenever I'm viewing something where I want that greater visual clarity.

If I run Linux on the laptop and connect to something like yahoo finance web pages then as they're quite intense the lower spec laptop struggles to render the web pages directly itself, the beast can render and send the screens to the laptop quicker/better, leaving the laptop to basically be showing the screens an outputting the sound its presented with from the beast.

I don't know what speed our LAN runs at, we have a extender that plugs into one power socket that feeds to a upstairs socket (ethernet in effect in part runs through the electrical mains wiring), that is used for PS5 and other devices, with the beast being used for games, PS5 upstairs also being used, me on my laptop ... we don't have any issues with data speeds even though the LAN reduces to the slowest connected devices speed which is probably 100Mbit.

The laptop is dual boot, so when out/about I'll mostly use my phone, but if doing other office type tasks will take the laptop and use Linux for LibreOffice type things. Whilst the laptops wifi isn't supported by OpenBSD I just tether it to the phone anyway whether I boot OpenBSD or Linux.

The beast is running alsa, not pulseaudio, I struggle somewhat with multiples of that, the defaults however pretty much work ok for usual linux desktop usage, whilst in the OpenBSD qemu I use sndiod for forwarding the sound to the laptop, so there's no conflicts with one sound device locking/hogging the sound card to itself.

Attached Thumbnails

   

Outside of servers, drop-in replacements for Cisco routers, and firewalls etc.. i.e. on the desktop or thinkpad laptops it is mostly OpenBSD people who eat their own dog food.

Honestly, most people don't seem to care.

You don't :

"OpenBSD Users

Many open source operating systems put a lot of effort into growing their user base, evangelizing, and bringing new people into the Unix fold. OpenBSD does not.

Most open source Unix-like operating system groups do a lot of pro-Unix advocacy. Again, OpenBSD does not.

The communities surrounding other operating systems actively encourage new users and try to make newbies feel welcome. OpenBSD specifically and deliberately does not.

The OpenBSD community is not trying to be the most popular operating system—just the best at it what it does. The developers know exactly who their target market is: themselves. If you can use their work, that’s great. If not, go away until you can.

The OpenBSD community generally expects newcomers to be advanced computer users. The members have written extensive OpenBSD documentation, and expect newcomers to be willing to read it. They’re not interested in coddling new Unix users and, if pressed, will say so—often bluntly and forcefully. They will not hold your hand. They will not develop new features to please users. OpenBSD exists to meet the needs of the developers, and while others are welcome to ride along, the needs of the passengers do not steer the project."-- Michael W. Lucas





Under Linux's shadow ? Apples to oranges since something like Debian is more general purpose while OpenBSD is generally highly regarded by security experts.

1 members found this post helpful.

So something that’s highly regarded by security experts is automatically less general purpose? How so?

Linux is just the kernel. Comparing a full OS such as Debian to OpenBSD and I can install OpenBSD in minutes and its ready to go, with sensible defaults pre-configured.
echo cwm >.xsession ... perhaps being the main/more common preferred configuration.

Debian, tried it once, OK, but didn't really like it. Like when shopping, too many choices can lead to indecisiveness or too much time trying the different variations. Changing from init to systemD, alsa to pulse ...etc. and upgrades from one release to the next can become a all day or longer experience. With OpenBSD all of the upgrades I've performed were trivial/quick/easy.

A consequence of too many variations is the tendency towards more discussions (calls for help), more publicity. When something just works then there's less inclination to be trawling/posting in message boards.

1 members found this post helpful.

We're talking daily system here, which I take to mean a desktop/laptop system used perhaps mostly for browsing and copying/moving user files around. In which case the learning curve is quite shallow, syntax/method for mounting usb's/whatever.
It's a complete and secure by default OS, other than perhaps firmware pkg_info (installed packages) might be zero. The fvwm default window manager is large enough (9 desktops) to load 9 different application server windows into (you can create more if needed, many might need/use only two). Application servers via X-forwarding isn't great, OK for relatively static pages, LibreOffice writer/whatever, but a bandwidth hog for the likes of youtubes. Easily resolved, pkg_add tigervnc jpg ... and use vnc instead of X-forwarding. Bumps pkg_info | wc -l to around the mid 60's including firmware.
I don't have a distaste for Linux, that's my preferred application server choice, a family desktop system with nvidia, i5, Linux etc. That can be used as a desktop as-is, or concurrently by other family members. For that I create vm's (kvm/qemu) that I vnc into from my laptop as my 'application server'. I forward sound using sndiod (alsa-sndio plugin) to the laptop, and being a virtual sound card that doesn't interfere with the sound if someone is using the desktop, if they're running chrome watching one youtube, if I'm also running chrome and watching another, my sessions youtube sound doesn't overlay with theirs (nor theirs with mine). Whilst my chrome session runs (scrolls etc.) pretty much as near as quickly as if I were using the desktop system directly.

If you establish a practice of getting everyone to store their data files separate to the OS, then the OS (vm's) can be static once configured as you like them to be. Re-start with the same pristine/clean session each time.

Consider upgrades. As above you might as well just do a clean install for each new version. A 10 minute task or so. The application server side (Linux) tends to be far more involved/time intensive/complex.

If I used my now aging laptop to install/run Linux for a desktop/browsing then it would be slower/sluggish as it would strain under the load. As-is with OpenBSD running, in effect just having to handle the screens and sound thrown at it and feeding back mouse/keyboard activities, it responds at near the same speed as the desktop server system. And my data files on the laptop are more secure, other than sound and vnc all other ports are closed, no foreign software has access (such as a zero day browser flaw). Yes the application servers browser might have been compromised, but that can't 'get at' my data files on the laptop (might only affect the files I copy to the server in order to edit/whatever before returning them back to the laptop).

Once a new user has become familiar with the style/layout of OpenBSD, systcl, rcctl ... etc. and mounting drives, then I guess the next biggest learning curve hurdle is familiarity with ssh, scp, vnc. Of those perhaps ssh is the biggest hurdle (configuration, setting up keys etc.). I suspect many that migrated to Linux from Windows may not be familiar with such 'background' factors, would prefer pointy/clicky type methods rather than typing in commands at a cli.

Attached Thumbnails

 

As a networking exercise, that's fine. It definitely wouldn't impress younger folk.

Everyone has their own pc now, and needs a good reason to be on any network besides the internet.

A lot depends on the skill of the admin since most end users have no admin skills but OpenBSD can afford to be elitist unlike Linux. The BSDs are currently like Linux in its heyday : the hardware support is getting pretty good and everything is still clean and UNIXy. Linux is currently being ruined by an influx of very obnoxious non-technical users and the many eyeballs make bugs shallow myth has been proven to be bullshit. A new version of GhostBSD was just released but I use Debian , on this laptop, simply because GhostBSD does not have hard disk encryption, in the installer, and raw FreeBSD is meant for servers. That is why I use Debian and OpenBSD instead of GhostBSD and OpenBSD but I know , in general, Linux is rubbish.

Michael is one of my favourite OpenBSD authors. It is generally true that the OpenBSD developers create the OS for their own use and that they do not want to spoon feed newcomers. That is, here's our OS, feel free to use it or not.
Having said that I have found that if you're willing to do some of your own research and make an honest effort to troubleshoot an issue then the OpenBSD community is more than willing to lend a hand. I've used OpenBSD since 5.0 (2011).

2 members found this post helpful.

I've heard a lot about all BSDs being more secure, and I don't doubt it.

• X isn't terribly secure, or
• Systemd
• Selinux

But let us consider a PC running linux in console mode - without X, Selinux & Systemd, Slackware, for example with sysVinit. Now if it's set up by an equally paranoid sysadmin as one finds with BSD, is it less secure? I'm hoping to learn stuff here.

1 members found this post helpful.

I think a Linux system can be made to be secure as can a BSD system. Both Linux and BSD systems have firewall capabilities(but they're not set-up by default- PF is enabled, but the rules are not put in for OpenBSD. Slackware has excellent available firewalls, also not set-up with the initial installation.) Both OpenBSD and Slackware release security updates for enhanced security. In both systems you can choose what services run at start-up.

https://www.openbsd.org/faq/faq4.html

Each system provides carefully reviewed software for installation. When you introduce programs from other sources you can compromise security. So in the end system security depends a lot on the sysadmin maintaining the system. I'm not an expert; I'm a happy enthusiast.

OpenBSD randomises more, PID's, location of stuff, ensuring areas that are writeable aren't also executable etc. More difficult to load some area with instructions and grabbing the instruction pointer to point at that or whatever. Needs a lot more guessing/luck. With a fixed setup you might deeply investigate that and identify possible hacks/weaknesses.

The code is also written/audited with security upmost in mind, much of Linux code is written with operation upmost in mind. Smaller amounts of code = fewer flaws = more secure. On the counter side however more eyes and usage (Linux) is more inclined to find/fix weaknesses.

Errors in OpenBSD documentation are also considered as a potential security bug. Incorrect configuration may open up windows for hackers. Each version has its own distinct documentation (man pages) for that version. With Linux often configurations are read via web searches that may relate to different versions such that the configuration indicated works, but may leave weaknesses open.

The answer is yes, Linux is less secure than any of the BSDs, especially OpenBSD.

I remember reading somewhere that even Windows has more security features implemented and enabled by default than the Linux kernel. This has likely come about as a result of Torvalds' historic disdain for security and "security people".

OpenBSD for example is advertised as "secure by default".

https://www.openbsd.org/security.html

1 members found this post helpful.

Example: Windows received W^X support in 2004, Linux got it in 2007. In general, Windows had clearly overtaken Linux (and perhaps also FreeBSD - HardenedBSD exists for a reason) in terms of security by 2007 at the latest, when the (rightly) much-maligned Vista with its noticeably more secure kernel was made available to the general public.

??

It stands for Write XOR eXecute. That is either a region of memory is writable or it is executable.

It has been default in OpenBSD since 2016:

https://undeadly.org/cgi?action=arti...20160527203200

but has been around since OpenBSD 3.3 https://www.openbsd.org/33.html



(I understand why they use MagicPoint, but wish they used OpenDocument Format instead.)