Introduction

I've recently made the switch from various distributions of GNU/Linux such as Void or Arch to OpenBSD. I'd like to share some thoughts about it.

Differences with Linux

OpenBSD feels more like an actual cohesive operating system like Windows or macOS, whereas GNU/Linux, depending on the distribution, can feel like a collection of random software. This is something I have enjoyed more with OpenBSD. It also has documentation, in the form of man pages, that doesn't require you to search stuff up. Despite being a cohesive system, OpenBSD is also much more minimal than "minimal" distributions of GNU/Linux. For instance, the entire OpenBSD base system is close to 1GB of hard disk, including Xenocara (an Xorg fork), cwm (the window manager that OpenBSD uses), xterm, a mail and HTTP server, and even terminal games. On Linux, it's very, very easy to be below 1GB of hard disk usage, but you also have to consider that you might have to install many more programs on it compared to on OpenBSD.

OpenBSD seems to have a team of software developers that don't want to just feature creep the hell out of their system, which I respect given that GNU/Linux has added a lot of features that are in my opinion not needed. Conversations about rewriting parts of the Linux kernel in Rust are especially concerning, given that there are some copyright issues related to Rust. Although it is a more secure language, Rust is bloated to hell and in order to compile any program in it, the package manager pulls in hundreds or thousands of dependencies.

Security

Before people freak out, yes, I know that there are many people who believe OpenBSD isn't as secure as it claims to be. The link above is the main article people point to when people say OpenBSD isn't secure. However, there are some things that Madaidan doesn't explain (in my opinion). One example is when he says that Pledge and Unveil, OpenBSD's sandboxing tools, do not replace a MAC system. He says that this is because you still have to trust the application and because you can have much more fine-grained restrictions with SELinux. However, I have two things to say about this. The first problem with the pledge-unveil system that OpenBSD has is mitigated as long as you use free software, which you should be doing anyway, and the second problem is a problem, sure, but it's also a feature. You don't need to be a security expert to use OpenBSD. SELinux is very complicated to set up and use, and some people just want security by default.

There are other things he says about OpenBSD as well. For instance, he mentions the lack of verified boot. While, yes, this technically is a security problem, it's only a problem of physical security. At that point, the attack vector you are mitigating is so fringe that it's not even worth mentioning for 99% of the security-focused population, and the security population is probably less than 1% of the actual population. I know this statement gets a lot of people mad, but anyone who pretends otherwise is having a nice live-action-roleplay session.

OpenBSD still does have problems with potential code-reuse attacks, which this article does mention, but I still think this article is a little misleading. In the section "Lack of Innovations", I believe the author is being uncharitable when he says that the OpenBSD project uses sly wording to hide that they didn't come up with the mitigations, when in fact it's clear that they're not claiming to have made the concept of the mitigations that they have implemented. It's still an achievement to be the first major operating system to include them. Overall, I think OpenBSD is still the most secure open source operating system that exists (other than the ones that are impossible to use normally. Looking at you, Qubes.). Of course, there is HardenedBSD, but there are tradeoffs to using it as well in terms of security compared to OpenBSD (as the author of this article correctly mentions). You _might_ be able to build Linux to be more secure than OpenBSD, but there is no current distribution of Linux that I would actually consider to be more secure than OpenBSD, other than Gentoo, which is really more of a meta-distribution.

The License

I've actually changed my mind about the BSD licenses over the years. I felt like permissive licenses were giving private firms a pass to make the derivative code proprietary. This is a true statement, of course, because if it weren't then they wouldn't be called permissive licenses. However, there is no reason to force people to make free software if that software was made from free software. Nobody is forcing you to use proprietary software, so any derivative work from free software shouldn't matter to you, so long as you personally use the free version. The people who like the GPL might tell you that they don't believe that people can own ideas. However, their license implies that people can own ideas. This is because in order to say that people can't copy your software and make it proprietary, others have to recognize that it's your software. Remember how people say that copying isn't stealing? Well, copying and making the derivative code proprietary, by extension, should also not be stealing. However, the GPL people are inconsistent in this regard and say it is.

People who like the GPL like to point to Minix and the Intel Management Engine. Minix was licensed permissively and Intel decided to use their code to make the engine. They say that the developer of Minix indirectly made software that spied on millions. However, had the developer of Minix not made the software permissive, Intel would have had to make their own operating system, which would have delayed the release of their new chips. In this alternate world, people would have been spied on anyway, but people who don't care about your ideals would have had to pay the price. Not everyone has our ideals of everything being free software, and our ideals aren't absolute. At the end of the day, we should strive to not enforce our morality on other people. If you have some moral system, you should practice it yourself and convince people it's correct. Otherwise, you have the mentality of an authoritarian.

Other BSDs

While other BSD operating systems look good as well, I stuck to OpenBSD because it seems like it does the most things correctly. NetBSD is a little bit bloated in my opinion (the no-Xorg install was much bigger than my Void Linux install with Xorg!), and FreeBSD seems a little like that as well even though I have not tried it. Still, I would probably say that NetBSD is my second favorite operating system, because I love the feel of the BSD operating systems having their roots in the original AT&T operating system. It's a hard feeling to describe, but I'm sure anyone who's tried the BSDs can understand the feeling.

Conclusion