Hey, someone here using OpenBSD? If so, tag along and share your experience with this. I'm going to install it for the first time in my T430 and I hope it runs fine.
Is there something I should be careful with either while installing or running this OS on a thinkpad?
(1/3) OpenBSD is a meme >Filesystem SSD TRIM is vital to supporting SSDs, as without it, they degrade quickly due to unnecessary reads and writes. Sadly, OpenBSD has decided not to support this. OpenBSD also does not offer a modern filesystem option. You simply get the very old BSD "Fast File System" or FFS. Why is this important? Because when most people think of a secure system, they think of being resistant to evil hackers breaking into it. But that's only one part of security. InfoSec can be generally split up into three components: Confidentiality, Integrity, and Availability. In this triad, availability seems to be the one that's lacking here. Who cares how hack-resistant your system is if the data you're protecting is corrupted? That's not even getting into the volume management stuff that's missing, and the snapshots, and the everything. "b-b-but MUH BACKUPS!!" What are you even saying? That bitrot all of a sudden doesn't exist anymore? That backups are the one and only thing you should do and should not be supplemented by a more stable filesystem? You do realize that if the filesystem is not secure and does not protect against bitrot and corruption, your precious backups are going to be fucked, because you'll be backing up corrupted data. Who even knows how far you'll have to roll back in order to get to a clean state? "ZFS is one big thing! Very not-Unix! Just combine tools, bro" OpenBSD doesn't have logical volume management either. Even if it did, FFS doesn't have the checksumming, bitrot protection, etc. Even if it did, OpenBSD softraid doesn't support as many RAID levels as other operating systems' solutions. It's just a worse deal all around.
Installed it today on my T420, but could not get EXWM to work correctly so I am back in Linux
Xavier Turner
(2/3) >Security "Only two remote holes in the default install!!!!!!!" Yay! I hope you realize that this literally only applies to a base system install with absolutely no packages added. In other words, not exactly representative or meaningful towards... anything really. OpenBSD also does not have NFSv4 support even 18 years after its standardization. This is an issue security-wise because version 4 is the only one to offer authentication with Kerberos plus encryption with the krb5p option. A common retort to this argument is that the NFSv4 protocol is "bloated", and that's why OpenBSD doesn't support it. Going off this, the OpenBSD project seems to think that authentication and encryption are bloat. Take a moment to consider that. It's certainly a very strange stance indeed, for such a "security-focused" operating system. Let's of course not forget that OpenBSD lacks a Mandatory Access Control solution such as SELinux, AppArmor, or TrustedBSD, which provide benefits that are relevant to companies, organizations, and governments looking to better secure their systems and classified data.
(3/3) >Sustainability A few years ago, OpenBSD was actually in danger of shutting down because they couldn't keep the fucking lights on. How could anyone see this as a system they could rely on, when it could be in danger of ending at any time? "but it's open source! Someone could just fork it" Oh yeah because surely they'll be able to maintain the entire OS Actually now that I think about it, that really depends on the person/organization that does it. And they might actually have some sense and be able to fix some of the issues listed here. It's official. OpenBSD would be better off if it shut down and was restarted. >C Standards-compliance "B-But OpenBSD is written in strictly standards-compliant C! Clearly that's better than muh GNU virus!" So you're not allowed to create extensions to the standard? You should only implement the standard and nothing more? Keep in mind that this is nothing like EEE, as the GNU C extensions are Free Software, with freely available source code, as opposed to proprietary shite. People should be allowed to innovate and improve things. If you're gonna be anal about standards-compliance, then why let people make their own implementations anyway? Why not have the standards organizations make one C implementation and force everyone to use it? >Miscellaneous OpenBSD's pf has inferior performance, as it only utilizes one core of one processor. GNU/Linux's netfilter firewall does not have this problem. Neither does pfsense. OpenBSD does not support any 802.11 Wi-Fi standard newer than 'n'. It also lacks Bluetooth. WINE doesn't exist on OpenBSD.
I don't get why they feel the need to post this on every single BSD thread.
Dominic Bell
Inferiority complex perhaps, or maybe Theo refused to meet one of the posters in private.
Jace Russell
Theo one hacked into this guys router and remapped his keyboard
Bentley Powell
Because it's true.
Joshua Lewis
Hi Coraline Ada, is OpenBSD really so much of a threat to your alt-left regime that you have to remove the one good thing we have left with things that OpenBSD isn't advertising in the first place?
Parker Lopez
>Hi Coraline Ada, is OpenBSD really so much of a threat to your alt-left regime who and what? >things that OpenBSD isn't advertising in the first place? OpenBSD, being a BSD unix system, seems intentionally designed to be a server OS. Much of the complaints in the pasta series, such as the Filesystem and security topics, are targeted at that. Some other complaints, such as the lack of WINE, up-to-date WiFi standards, and bluetooth, are targeted at the idea of OpenBSD as a desktop system, as many anons here claim it is good for. The C standards compliance section is in response to the 'suckless'/'cat-v'/'minimalist' types, who seem to prefer OpenBSD to systems such as GNU/Linux for reasons of C standards compliance or some other assorted bullshit.
Hudson Hall
>lack of WINE That's the WINE developers' fault, why would you blame an OS for what an application can't do?
Eli Garcia
nice post numbers, but i'm fairly certain that OpenBSD intentionally broke compatibility with WINE, which they had at one point in the past.
Caleb Adams
It's funny to promote NTFSv4 and security in the same post. NTFS is broken madness that puts features into inapproprient layers, it's poorly designed crap. Kerberos is yet another crappy feature on inappropriet layer, ipsec is more suites and doesn't have broken crypto in standard. C standard compliance is yet another crap strawman. BSD libc extensions are big extension to POSIX standars which of many has been ported to glibc. And system uses many implementation-defined language extensions (even some custom).
That was compat. layer for Linux32, not for Windows.
Kayden Wright
>NTFS wew
Caleb Edwards
yeah I always confuse those 2 names >s/NTFS/NFS/g
Chase Evans
>lack of bluetooth Honestly good. >outdated wifi only if you dont use current or if you use proprietary drivers, which you shouldnt. >minimalism being assorted bullshit thats personal taste. Thats why OpenBSD is used, as well as default security. For just nornal programming, there is no point in visual studio. For casual use, all that is necessary is a web browser, and firefox works well. Saying that society is better off with bloated software is corporate sheckle talk. As for the C standard, that is just for ease of auditing. Any reason someone gives that isnt auditability is stupid.
talk about openbsd in the software minimal thread u ignorant cunts
Adam Flores
I use OpenBSD and recently installed it on a laptop. If you need help, just post ITT and I'll do my best to answer. I recommend the Lumina desktop because it was designed for FreeBSD (as part of TrueOS) and it works well on OpenBSD. It's very lightweight and I feel more comfortable using it than something bloated like Gnome or KDE.
Samuel Fisher
>I recommend the Lumina desktop because it was designed for FreeBSD Why not cwm?
Jacob Hall
Lumina is actually. Just use one of the three window managers that comes with OBSD. fvwm, cwm, and twm. If you really need a DE then use XFCE. Very comfy and a DE.
Logan Edwards
I haven't tried it. I like desktops that resemble Windows in that they have a taskbar, start menu and desktop icons. I'll give it a try though - maybe I'll like it.
Jayden Brooks
XFCE gives me a headache.
Owen Rogers
i use it on an old laptop. it uses much less memory than linux without any extra tweaking.
-current is for developers, not users. No user should be using -current.
Brody Howard
OpenBSD isn't minimal, and that's a good thing. OpenBSD actually comes with useful stuff like xedit and ctags and yacc and lex.
Matthew Jenkins
its more minimal than most linux distros tho.
William Lopez
True, simply by not coming with GNOME. But if you were to compare a GUI-free GNU/Linux distribution versus a GUI-free OpenBSD installation, it'd be hard to pick one or the other as more minimal or less minimal. OpenBSD definitely comes with more useful stuff though, for the stuff it comes with.
Nicholas Ramirez
Nice. What applications are you running on that old laptop?
- SSDs handle wear leveling in firmware now. - OpenBSD's base system is nicely full featured. You can do a lot without installing anything external. The only package on my router is Tor and the only one on my webserver is CGit. - Along with the base system OpenBSD has security features like ASLR, strict malloc, retguard, stack canaries, and more, that benefit ALL packages. I'd rather run packaged software on OpenBSD than Linux. - You make a big deal about NFSv4 but you don't actually use it, because it sucks. Do yourself a favor and set up IPsec instead (OpenBSD's implementation is really nice to use, by the way). - Every RHEL machine I've ever seen in industry has SELinux turned off. Your fancy MAC won't do you any good if it's too complicated for even sysadmins to use. - The call for donations worked. These days OpenBSD has no trouble keeping the lights on: openbsdfoundation.org/campaign2014.html openbsdfoundation.org/campaign2015.html openbsdfoundation.org/campaign2016.html openbsdfoundation.org/campaign2017.html openbsdfoundation.org/campaign2018.html - OpenBSD isn't strict ISO C, they happily and logically extend the standard where it makes sense. Meanwhile GNU land gives you shitty extensions like strfry() and not anything useful. 2018, and you still can't call arc4random(), arc4random_buf(), or arc4random_uniform() with glibc! What a fucking joke.
Only decent point is lack of a good filesystem, but FFS with software RAID will be enough to prevent bitrot. Nothing wrong with running DragonFly/HAMMER2 on your backup server if you're worried about it.
I installed and used it as a desktop OS for a while. Some of the stuff I found a bit changeling like PF firewall rules and having to lean my way around VI, yeah I know their are other editors out but its universal to any nix systems, might as well learn it. Overall it's a pretty good for the desktop, you can install kde, Genom or something lighter like Fluxbox if ya like. Updating to stable was a bit difficult but everything is very well documented in the hand book. Been a while since if used it, one of the reason's I stopped using it was many of the packages were outdated whether its fire fox or fluxbox...
Logan Campbell
>stable In recent versions of OpenBSD you can use syspatch instead, it's very easy. >many of the packages were outdated True.
Jayden Lee
Can be a bit slow at times and the wifi is a bitch to get working. Pretty good for a router OS but at that point you might as well just use PFsense
Joseph Smith
Use wiconfig
Parker Cruz
What's so hard about fw_update followed by ifconfig iwm0 nwid networkname wpakey passwordname?
Alexander Scott
maybe they didnt read the documentation
Eli Evans
not that user, but WPA1/WEP and enterprise variants with wpa_supplicant are not well described
Jeremiah Sanders
why would you use those?
Parker Hall
If the hardware isn't supported by OpenBSD then fw_update won't work. In that case, you just physically swap the wireless card for one that is supported, then fw_update will work as you described.
Xavier Sanders
wpa1/wep is deprecated, you dont need them
Noah Edwards
Hey glibc does good extensions as well, there was a discussion with Ulrich Drepper from glibc when strl* came out. he claims that strl* are still error-prone and the only way to structure your program is to pass length explicitly and use memory functions, either standard mem{cpy,cat,cmp} or GNU extensions memp* (return end-pointer, I really miss them on BSD). And I really really agree with him on that. sourceware.org/ml/libc-alpha/2000-08/msg00061.html sourceware.org/ml/libc-alpha/2000-08/msg00053.html Unfortunately BSDs don't ship this extension.
Gavin Cox
until you do need them in real life because some people still run Windows XP and don't update their networks for decades.
Dominic Myers
I wanted to try it to use mits lisp thingy for sicp since it's unix
Luke Edwards
Has anyone set up a VPN with OpenIKED before? I want to set up an IKEDv2 one for my phone but don't know where to start.
Xavier Young
mit-scheme doesn't work well on the BSDs since GNU is fucking garbage and can't produce portable software for shit. I don't think it even compiles on the BSDs anymore without tons and tons of patches, and some of those patches disable functionality. Other Schemes do work on the BSDs, though, and mit-scheme does still work on GNU/Linux.
Easton Hill
OpenBSD is more like Research UNIX. You can use it in production with reasonable amounts of success, but it's decidedly not meant to be the sterile business-y shit that FreeBSD and much more so Linux are. It's a research platform for high quality osdev.
Drepper was an unreasonable ass and constantly full of shit, which is part of why even Red Hat forced him out in the end.
As with many other things, his opinion of strl* is bogus. He says "copying silently stops" but strlcpy of course signals truncation with an error code. The point of strlcpy was to provide a familiar interface that's easy to replace what you have: just replace your strcpy with strlcpy and the length of your dest buffer, check the function return value, and you're good.
Here's a fun exercise. How many libcs include strlcpy? Many, including most other Linux libcs like Musl. How many include mempcpy? Even the Linux kernel uses strlcpy extensively. It doesn't use mempcpy once.
Nathan Gutierrez
nwkey (WEP) is described like five lines above wpakey in ifconfig(8).
WPA1 is clearly described too. What's unclear about this?
> wpaprotos proto,proto,... > Set the comma-separated list of allowed WPA protocol versions. > > The supported values are “wpa1” and “wpa2”. wpa1 is based on > draft 3 of the IEEE 802.11i standard whereas wpa2 is based on the > ratified standard. The default value is “wpa2”. If “wpa1,wpa2” > is specified, a station will always use the wpa2 protocol when > supported by the access point.
I'll grant you enterprise is a bit of a pain, since wpa_supplicant is a completely different tool. Would be nice if they implemented enterprise natively in ifconfig like everything else.
hello user. i have OpenBSD on a T440s and it works great. *many* OpenBSD developers use Thinkpads exclusively, so support (especially for things like the out-of-the-box trackpad experience) is very good. lmk if you have questions m8
Impressed with the general gist of things, but not impressed with how little external support there is. I work as a penetration tester, and there isn't even a Metasploit package.
Honestly better off using Slackware.
Ayden Hughes
Use proper BSD - FreeBSD. It has ZFS and other goodies.
Caleb Brooks
My main issue for mempcpy is that it does what I would intuitively expect ad want from memcpy to do. In musl, both are wrappers around memcpy and strlen anyway because the heavy platform-specific optimizations don't need to be on 2 places.
Sebastian Collins
What distro and tools do you use for your job? Kali?
I get the impression that OpenBSD is focused on defensive security.
Kevin King
I admit that it is documented *somewhere*. Obvious entry point is FAQ, no mentions that it only connects to WPA2 by default and you need to be explicit about wpa1/wep. Hostname.if(5) manpage netstart(8) aren't relevant to the issue so ifconfig(8) is the last place to read. Wep was kinda expected, but wpa1 is never mentioned to require some special flag except one line in quite some of docs.
Liam Myers
ifconfig is the first manpage link in the FAQ section "Configuring your Wireless Adapter": "To connect an OpenBSD system to an existing wireless network, use the ifconfig(8) utility."
The first network connection example in hostname.if(5), which mentions WPA, says "run ifconfig to set the nwid and wpakey of the interface" and "if in doubt study ifconfig(8) and the per-driver manual pages to see what arguments are permitted". So I don't see why you're suggesting: >ifconfig(8) is the last place to read.
god, it took me around 2 mins to solve the captcha, thanks jewgle.
Also, any opinions regarding dragonfly or ghostbsd?
Oliver Anderson
DragonFly is cool if you're into HAMMER, hi-perf, or an Amiga freak. Ghost isn't really anything special.
Adrian Gomez
>and you still can't call arc4random(), arc4random_buf(), or arc4random_uniform() with glibc! What a fucking joke. are you too retarded to implement these babby tier functions using getrandom on your own?
Xavier Lopez
Both are forks of FreeBSD. GhostBSD is focused on an easy desktop experience and DragonflyBSD is focused on clustering to host VMs and fileservers.
I prefer OpenBSD because of its emphasis on security and code correctness. Code correctness is a big deal because when you use the OS every day it's easier to learn it if the delopers were obsessed with making everything logical and clean.
Joseph Sullivan
What, do you write all your programs in syscalls and pull out va_list every time you want to print formatted text to stdout? I'd rather use a libc that provides the fucking functions I want to use!
Ryder Carter
nice strawman you fucking moron, even if you're too retarded to implement 5 lines functions like these the BSD's cuck license means you can rip off their code for use in whatever proprietary garbage you maintain
Ayden Turner
hi, i use openbsd on a macbook air. it works flawlessly with a wifi usb dongle. i use dwm. i couldn't ask for a better laptop operating system, with a bit of tweaking with scripts for my wm it works great. i don't have any problems with missing software and videos play fine. i also use it on a desktop with mate.
Levi Gray
>do you write all your programs in syscalls Drop the LARP, you're not fooling anyone
Kevin King
Reminder that there's no upgrade path for new system versions except "lol just reinstall and replace your system partition"
Tyler Wright
what is it with all these fucking LARPers
Adam Foster
imagine being this dumb, fuck
Jacob Lewis
imagine not knowing what junk you were memed into using
Wyatt Peterson
Why have you not killed yourself yet? If your miserable existence's sole purpose is shitposting, you should better jump off a cliff or in front of a truck.
Please do that some time, that would be the best for everyone and probably the only good thing you ever achieved in your entire life
William Torres
>2018, and you still can't call arc4random(), arc4random_buf(), or arc4random_uniform() with glibc because it's in libbsd where it belongs, not into standard library
Ryan Young
>getrandom() draws entropy from the urandom source let's just say that I don't have much trust in Linux prng framework
Camden Taylor
mind explaining why?
Luke Richardson
>I prefer OpenBSD because of its emphasis on security and code correctness. shallow quotes don't meet reality, same with good documentation and code auditing
Thomas Cook
If you want an Unix like system use Slackware. Although I like bsd license, gnu are fucking disgusting hippies
Angel Taylor
Wait a second, why would you want a server OS on your laptop? Are you degenerate or something?
Matthew Green
history of critical vulnerability and current over-complicated design
William Morales
be specific, which vulnerabilities were caused by the prng? post CVE numbers
Ian Turner
Have you ever used OpenBSD?
Kevin Gray
Well yeah, the software in the base system is designed to work with the software in the base system. If you're upgrading part of it you want to upgrade all of it.
John Wilson
yes, very actively for last 5 years
William Edwards
no. i have been using openbsd for longer than the majority of the posters in this thread, before i even started casually using this site.(You) are a brainlet who can't even google properly. if you knew it'd take you two seconds to find the advice on replacing the kernel in an upgrade.
Justin Moore
>degenerate The correct work is "idiot"
Parker Johnson
>operating system made for the developers who also use it as a desktop and package a window manager and login manager >server os yea ok.
Nolan Green
OpenBSD's both a desktop and server OS
Jaxson Nelson
Wait a second, why would you want a dektop OS on your server? Are you degenerate or something?
Thomas Johnson
you are degenerate desu, you can use openBSD perfectly well for general day to day stuff like web browsing, watching videos, listening to music... inb4 muh games
Isaac Butler
general purpose computing
Bentley Powell
"server OS" just means it comes with special stickers and a sales rep, to normies
Ethan Brooks
>shallow quotes imagine if OpenBSD didn't have a marketing department and money to waste on shills. oh wait. they literally don't.
Hudson Roberts
I shill it for free because they gave me an operating system for free.
>Both are forks of FreeBSD DragonFlyBSD separated so many years ago, it's really not relevant to mention FreeBSD when speaking of df, just like it's irrelevant to mention NetBSD when speaking of OpenBSD. It's even more relevant to mention 4.3BSD.
Matthew Gutierrez
>just reinstall What? There's an upgrade option. Hit the letter u, not the letter i.