OpenBSD

Hey, someone here using OpenBSD? If so, tag along and share your experience with this.
I'm going to install it for the first time in my T430 and I hope it runs fine.

Is there something I should be careful with either while installing or running this OS on a thinkpad?

Attached: RecreationalMcPuffy.png (1072x802, 68K)

Other urls found in this thread:

openbsdfoundation.org/campaign2014.html
openbsdfoundation.org/campaign2015.html
openbsdfoundation.org/campaign2016.html
openbsdfoundation.org/campaign2017.html
openbsdfoundation.org/campaign2018.html
yggdrasil-network.github.io
sourceware.org/ml/libc-alpha/2000-08/msg00061.html
sourceware.org/ml/libc-alpha/2000-08/msg00053.html
man.openbsd.org/ifconfig.8,
twitter.com/AnonBabble

(1/3)
OpenBSD is a meme
>Filesystem
SSD TRIM is vital to supporting SSDs, as without it, they degrade quickly due to unnecessary reads and writes. Sadly, OpenBSD has decided not to support this.
OpenBSD also does not offer a modern filesystem option. You simply get the very old BSD "Fast File System" or FFS.
Why is this important? Because when most people think of a secure system, they think of being resistant to evil hackers breaking into it. But that's only one part of security. InfoSec can be generally split up into three components: Confidentiality, Integrity, and Availability.
In this triad, availability seems to be the one that's lacking here. Who cares how hack-resistant your system is if the data you're protecting is corrupted?
That's not even getting into the volume management stuff that's missing, and the snapshots, and the everything.
"b-b-but MUH BACKUPS!!"
What are you even saying? That bitrot all of a sudden doesn't exist anymore? That backups are the one and only thing you should do and should not be supplemented by a more stable filesystem?
You do realize that if the filesystem is not secure and does not protect against bitrot and corruption, your precious backups are going to be fucked, because you'll be backing up corrupted data. Who even knows how far you'll have to roll back in order to get to a clean state?
"ZFS is one big thing! Very not-Unix! Just combine tools, bro"
OpenBSD doesn't have logical volume management either. Even if it did, FFS doesn't have the checksumming, bitrot protection, etc. Even if it did, OpenBSD softraid doesn't support as many RAID levels as other operating systems' solutions. It's just a worse deal all around.

Attached: puf800X689.gif (800x689, 69K)

Installed it today on my T420, but could not get EXWM to work correctly so I am back in Linux

(2/3)
>Security
"Only two remote holes in the default install!!!!!!!"
Yay!
I hope you realize that this literally only applies to a base system install with absolutely no packages added. In other words, not exactly representative or meaningful towards... anything really.
OpenBSD also does not have NFSv4 support even 18 years after its standardization. This is an issue security-wise because version 4 is the only one to offer authentication with Kerberos plus encryption with the krb5p option.
A common retort to this argument is that the NFSv4 protocol is "bloated", and that's why OpenBSD doesn't support it. Going off this, the OpenBSD project seems to think that authentication and encryption are bloat. Take a moment to consider that. It's certainly a very strange stance indeed, for such a "security-focused" operating system.
Let's of course not forget that OpenBSD lacks a Mandatory Access Control solution such as SELinux, AppArmor, or TrustedBSD, which provide benefits that are relevant to companies, organizations, and governments looking to better secure their systems and classified data.

Attached: no-sign-hi.png (600x600, 20K)

(3/3)
>Sustainability
A few years ago, OpenBSD was actually in danger of shutting down because they couldn't keep the fucking lights on. How could anyone see this as a system they could rely on, when it could be in danger of ending at any time?
"but it's open source! Someone could just fork it"
Oh yeah because surely they'll be able to maintain the entire OS
Actually now that I think about it, that really depends on the person/organization that does it. And they might actually have some sense and be able to fix some of the issues listed here.
It's official. OpenBSD would be better off if it shut down and was restarted.
>C Standards-compliance
"B-But OpenBSD is written in strictly standards-compliant C! Clearly that's better than muh GNU virus!"
So you're not allowed to create extensions to the standard? You should only implement the standard and nothing more? Keep in mind that this is nothing like EEE, as the GNU C extensions are Free Software, with freely available source code, as opposed to proprietary shite. People should be allowed to innovate and improve things.
If you're gonna be anal about standards-compliance, then why let people make their own implementations anyway? Why not have the standards organizations make one C implementation and force everyone to use it?
>Miscellaneous
OpenBSD's pf has inferior performance, as it only utilizes one core of one processor. GNU/Linux's netfilter firewall does not have this problem. Neither does pfsense.
OpenBSD does not support any 802.11 Wi-Fi standard newer than 'n'. It also lacks Bluetooth.
WINE doesn't exist on OpenBSD.

Attached: NOpenBSD.png (1000x1000, 168K)

From what I've seen this has been refuted multiple times here.
Thanks for the bump though!

Attached: mathtranny.jpg (1080x1340, 451K)

I don't get why they feel the need to post this on every single BSD thread.

Inferiority complex perhaps, or maybe Theo refused to meet one of the posters in private.

Theo one hacked into this guys router and remapped his keyboard

Because it's true.

Hi Coraline Ada, is OpenBSD really so much of a threat to your alt-left regime that you have to remove the one good thing we have left with things that OpenBSD isn't advertising in the first place?

>Hi Coraline Ada, is OpenBSD really so much of a threat to your alt-left regime
who and what?
>things that OpenBSD isn't advertising in the first place?
OpenBSD, being a BSD unix system, seems intentionally designed to be a server OS. Much of the complaints in the pasta series, such as the Filesystem and security topics, are targeted at that. Some other complaints, such as the lack of WINE, up-to-date WiFi standards, and bluetooth, are targeted at the idea of OpenBSD as a desktop system, as many anons here claim it is good for. The C standards compliance section is in response to the 'suckless'/'cat-v'/'minimalist' types, who seem to prefer OpenBSD to systems such as GNU/Linux for reasons of C standards compliance or some other assorted bullshit.

>lack of WINE
That's the WINE developers' fault, why would you blame an OS for what an application can't do?

nice post numbers, but i'm fairly certain that OpenBSD intentionally broke compatibility with WINE, which they had at one point in the past.

It's funny to promote NTFSv4 and security in the same post. NTFS is broken madness that puts features into inapproprient layers, it's poorly designed crap. Kerberos is yet another crappy feature on inappropriet layer, ipsec is more suites and doesn't have broken crypto in standard.
C standard compliance is yet another crap strawman. BSD libc extensions are big extension to POSIX standars which of many has been ported to glibc.
And system uses many implementation-defined language extensions (even some custom).

That was compat. layer for Linux32, not for Windows.

>NTFS
wew

yeah I always confuse those 2 names
>s/NTFS/NFS/g

>lack of bluetooth
Honestly good.
>outdated wifi
only if you dont use current or if you use proprietary drivers, which you shouldnt.
>minimalism being assorted bullshit
thats personal taste. Thats why OpenBSD is used, as well as default security. For just nornal programming, there is no point in visual studio. For casual use, all that is necessary is a web browser, and firefox works well. Saying that society is better off with bloated software is corporate sheckle talk. As for the C standard, that is just for ease of auditing. Any reason someone gives that isnt auditability is stupid.

>GNU is corporate sheckle talk

I
D
G
A
F

Attached: OpenBaSeD.png (1280x1290, 1.07M)

talk about openbsd in the software minimal thread u ignorant cunts

I use OpenBSD and recently installed it on a laptop. If you need help, just post ITT and I'll do my best to answer. I recommend the Lumina desktop because it was designed for FreeBSD (as part of TrueOS) and it works well on OpenBSD. It's very lightweight and I feel more comfortable using it than something bloated like Gnome or KDE.

>I recommend the Lumina desktop because it was designed for FreeBSD
Why not cwm?

Lumina is actually. Just use one of the three window managers that comes with OBSD. fvwm, cwm, and twm. If you really need a DE then use XFCE. Very comfy and a DE.

I haven't tried it. I like desktops that resemble Windows in that they have a taskbar, start menu and desktop icons. I'll give it a try though - maybe I'll like it.

XFCE gives me a headache.

i use it on an old laptop. it uses much less memory than linux without any extra tweaking.

Attached: 1521658964577.png (937x322, 11K)

-current is for developers, not users. No user should be using -current.

OpenBSD isn't minimal, and that's a good thing. OpenBSD actually comes with useful stuff like xedit and ctags and yacc and lex.

its more minimal than most linux distros tho.

True, simply by not coming with GNOME. But if you were to compare a GUI-free GNU/Linux distribution versus a GUI-free OpenBSD installation, it'd be hard to pick one or the other as more minimal or less minimal.
OpenBSD definitely comes with more useful stuff though, for the stuff it comes with.

Nice. What applications are you running on that old laptop?

Attached: Screenshot-2018-11-18-18-25-00.png (1366x768, 1.57M)

68554761
68554778
68554797
Meme as dumb as ever.

- SSDs handle wear leveling in firmware now.
- OpenBSD's base system is nicely full featured. You can do a lot without installing anything external. The only package on my router is Tor and the only one on my webserver is CGit.
- Along with the base system OpenBSD has security features like ASLR, strict malloc, retguard, stack canaries, and more, that benefit ALL packages. I'd rather run packaged software on OpenBSD than Linux.
- You make a big deal about NFSv4 but you don't actually use it, because it sucks. Do yourself a favor and set up IPsec instead (OpenBSD's implementation is really nice to use, by the way).
- Every RHEL machine I've ever seen in industry has SELinux turned off. Your fancy MAC won't do you any good if it's too complicated for even sysadmins to use.
- The call for donations worked. These days OpenBSD has no trouble keeping the lights on:
openbsdfoundation.org/campaign2014.html
openbsdfoundation.org/campaign2015.html
openbsdfoundation.org/campaign2016.html
openbsdfoundation.org/campaign2017.html
openbsdfoundation.org/campaign2018.html
- OpenBSD isn't strict ISO C, they happily and logically extend the standard where it makes sense. Meanwhile GNU land gives you shitty extensions like strfry() and not anything useful. 2018, and you still can't call arc4random(), arc4random_buf(), or arc4random_uniform() with glibc! What a fucking joke.

Only decent point is lack of a good filesystem, but FFS with software RAID will be enough to prevent bitrot. Nothing wrong with running DragonFly/HAMMER2 on your backup server if you're worried about it.

irssi runs there and i use it as proxy sometimes and i test this on it too yggdrasil-network.github.io

I installed and used it as a desktop OS for a while. Some of the stuff I found a bit changeling like PF firewall rules and having to lean my way around VI, yeah I know their are other editors out but its universal to any nix systems, might as well learn it. Overall it's a pretty good for the desktop, you can install kde, Genom or something lighter like Fluxbox if ya like. Updating to stable was a bit difficult but everything is very well documented in the hand book. Been a while since if used it, one of the reason's I stopped using it was many of the packages were outdated whether its fire fox or fluxbox...

>stable
In recent versions of OpenBSD you can use syspatch instead, it's very easy.
>many of the packages were outdated
True.

Can be a bit slow at times and the wifi is a bitch to get working. Pretty good for a router OS but at that point you might as well just use PFsense

Use wiconfig

What's so hard about fw_update followed by ifconfig iwm0 nwid networkname wpakey passwordname?

maybe they didnt read the documentation

not that user, but WPA1/WEP and enterprise variants with wpa_supplicant are not well described

why would you use those?

If the hardware isn't supported by OpenBSD then fw_update won't work. In that case, you just physically swap the wireless card for one that is supported, then fw_update will work as you described.

wpa1/wep is deprecated, you dont need them

Hey glibc does good extensions as well, there was a discussion with Ulrich Drepper from glibc when strl* came out. he claims that strl* are still error-prone and the only way to structure your program is to pass length explicitly and use memory functions, either standard mem{cpy,cat,cmp} or GNU extensions memp* (return end-pointer, I really miss them on BSD). And I really really agree with him on that.
sourceware.org/ml/libc-alpha/2000-08/msg00061.html
sourceware.org/ml/libc-alpha/2000-08/msg00053.html
Unfortunately BSDs don't ship this extension.

until you do need them in real life because some people still run Windows XP and don't update their networks for decades.

I wanted to try it to use mits lisp thingy for sicp since it's unix

Has anyone set up a VPN with OpenIKED before? I want to set up an IKEDv2 one for my phone but don't know where to start.

mit-scheme doesn't work well on the BSDs since GNU is fucking garbage and can't produce portable software for shit.
I don't think it even compiles on the BSDs anymore without tons and tons of patches, and some of those patches disable functionality.
Other Schemes do work on the BSDs, though, and mit-scheme does still work on GNU/Linux.

OpenBSD is more like Research UNIX. You can use it in production with reasonable amounts of success, but it's decidedly not meant to be the sterile business-y shit that FreeBSD and much more so Linux are.
It's a research platform for high quality osdev.

Ok, thank you.

>do the opposite of what AI shill-bot says
got it

Attached: 1542522129946.jpg (1024x1007, 180K)

He is FreeBSD cuck, ignore him.

Drepper was an unreasonable ass and constantly full of shit, which is part of why even Red Hat forced him out in the end.

As with many other things, his opinion of strl* is bogus. He says "copying silently stops" but strlcpy of course signals truncation with an error code. The point of strlcpy was to provide a familiar interface that's easy to replace what you have: just replace your strcpy with strlcpy and the length of your dest buffer, check the function return value, and you're good.

Here's a fun exercise. How many libcs include strlcpy? Many, including most other Linux libcs like Musl. How many include mempcpy? Even the Linux kernel uses strlcpy extensively. It doesn't use mempcpy once.

nwkey (WEP) is described like five lines above wpakey in ifconfig(8).

WPA1 is clearly described too. What's unclear about this?

> wpaprotos proto,proto,...
> Set the comma-separated list of allowed WPA protocol versions.
>
> The supported values are “wpa1” and “wpa2”. wpa1 is based on
> draft 3 of the IEEE 802.11i standard whereas wpa2 is based on the
> ratified standard. The default value is “wpa2”. If “wpa1,wpa2”
> is specified, a station will always use the wpa2 protocol when
> supported by the access point.

I'll grant you enterprise is a bit of a pain, since wpa_supplicant is a completely different tool. Would be nice if they implemented enterprise natively in ifconfig like everything else.

Attached: mom I posted it again.jpg (397x385, 42K)

hello user. i have OpenBSD on a T440s and it works great.
*many* OpenBSD developers use Thinkpads exclusively, so support (especially for things like the out-of-the-box trackpad experience) is very good.
lmk if you have questions m8

Attached: 34816.jpg (1920x1200, 310K)

I recently tried out OpenBSD on my ThinkPad X200.

Impressed with the general gist of things, but not impressed with how little external support there is. I work as a penetration tester, and there isn't even a Metasploit package.

Honestly better off using Slackware.

Use proper BSD - FreeBSD. It has ZFS and other goodies.

My main issue for mempcpy is that it does what I would intuitively expect ad want from memcpy to do.
In musl, both are wrappers around memcpy and strlen anyway because the heavy platform-specific optimizations don't need to be on 2 places.

What distro and tools do you use for your job? Kali?

I get the impression that OpenBSD is focused on defensive security.

I admit that it is documented *somewhere*. Obvious entry point is FAQ, no mentions that it only connects to WPA2 by default and you need to be explicit about wpa1/wep. Hostname.if(5) manpage netstart(8) aren't relevant to the issue so ifconfig(8) is the last place to read.
Wep was kinda expected, but wpa1 is never mentioned to require some special flag except one line in quite some of docs.

ifconfig is the first manpage link in the FAQ section "Configuring your Wireless Adapter": "To connect an OpenBSD system to an existing wireless network, use the ifconfig(8) utility."

The first network connection example in hostname.if(5), which mentions WPA, says "run ifconfig to set the nwid and wpakey of the interface" and "if in doubt study ifconfig(8) and the per-driver manual pages to see what arguments are permitted". So I don't see why you're suggesting:
>ifconfig(8) is the last place to read.

And if you search for either WPA or WEP in man.openbsd.org/ifconfig.8, it explains the whole thing.

bump.

god, it took me around 2 mins to solve the captcha, thanks jewgle.

Also, any opinions regarding dragonfly or ghostbsd?

DragonFly is cool if you're into HAMMER, hi-perf, or an Amiga freak.
Ghost isn't really anything special.

>and you still can't call arc4random(), arc4random_buf(), or arc4random_uniform() with glibc! What a fucking joke.
are you too retarded to implement these babby tier functions using getrandom on your own?

Both are forks of FreeBSD. GhostBSD is focused on an easy desktop experience and DragonflyBSD is focused on clustering to host VMs and fileservers.

I prefer OpenBSD because of its emphasis on security and code correctness. Code correctness is a big deal because when you use the OS every day it's easier to learn it if the delopers were obsessed with making everything logical and clean.

What, do you write all your programs in syscalls and pull out va_list every time you want to print formatted text to stdout? I'd rather use a libc that provides the fucking functions I want to use!

nice strawman you fucking moron, even if you're too retarded to implement 5 lines functions like these the BSD's cuck license means you can rip off their code for use in whatever proprietary garbage you maintain

hi, i use openbsd on a macbook air. it works flawlessly with a wifi usb dongle. i use dwm. i couldn't ask for a better laptop operating system, with a bit of tweaking with scripts for my wm it works great. i don't have any problems with missing software and videos play fine. i also use it on a desktop with mate.

>do you write all your programs in syscalls
Drop the LARP, you're not fooling anyone

Reminder that there's no upgrade path for new system versions except "lol just reinstall and replace your system partition"

what is it with all these fucking LARPers

imagine being this dumb, fuck

imagine not knowing what junk you were memed into using

Why have you not killed yourself yet? If your miserable existence's sole purpose is shitposting, you should better jump off a cliff or in front of a truck.

Please do that some time, that would be the best for everyone and probably the only good thing you ever achieved in your entire life

>2018, and you still can't call arc4random(), arc4random_buf(), or arc4random_uniform() with glibc
because it's in libbsd where it belongs, not into standard library

>getrandom() draws entropy from the urandom source
let's just say that I don't have much trust in Linux prng framework

mind explaining why?

>I prefer OpenBSD because of its emphasis on security and code correctness.
shallow quotes don't meet reality, same with good documentation and code auditing

If you want an Unix like system use Slackware. Although I like bsd license, gnu are fucking disgusting hippies

Wait a second, why would you want a server OS on your laptop? Are you degenerate or something?

history of critical vulnerability and current over-complicated design

be specific, which vulnerabilities were caused by the prng? post CVE numbers

Have you ever used OpenBSD?

Well yeah, the software in the base system is designed to work with the software in the base system. If you're upgrading part of it you want to upgrade all of it.

yes, very actively for last 5 years

no. i have been using openbsd for longer than the majority of the posters in this thread, before i even started casually using this site.(You) are a brainlet who can't even google properly. if you knew it'd take you two seconds to find the advice on replacing the kernel in an upgrade.

>degenerate
The correct work is "idiot"

>operating system made for the developers who also use it as a desktop and package a window manager and login manager
>server os
yea ok.

OpenBSD's both a desktop and server OS

Wait a second, why would you want a dektop OS on your server? Are you degenerate or something?

you are degenerate desu, you can use openBSD perfectly well for general day to day stuff like web browsing, watching videos, listening to music...
inb4 muh games

general purpose computing

"server OS" just means it comes with special stickers and a sales rep, to normies

>shallow quotes
imagine if OpenBSD didn't have a marketing department and money to waste on shills. oh wait. they literally don't.

I shill it for free because they gave me an operating system for free.

Attached: 5f3460053b2aae8dbfed72cf216b3f40.jpg (750x699, 46K)

This thread reminds me of a windows thread full of linuxshills, maybe openbsd is usable idk.

Attached: Hmm Meme _ www_pixshark_com - Images Galleries With A Bite!.jpg (231x218, 8K)

>Both are forks of FreeBSD
DragonFlyBSD separated so many years ago, it's really not relevant to mention FreeBSD when speaking of df, just like it's irrelevant to mention NetBSD when speaking of OpenBSD.
It's even more relevant to mention 4.3BSD.

>just reinstall
What? There's an upgrade option. Hit the letter u, not the letter i.