Why OpenBSD rocks

Published: 03/15/2009

My first computer came with DOS 4.0. I was completely green to computers then and knew exactly two commands: dir and cd, and I learned of their existence by watching friends type these magical words into their blank screens with something blinking called a cursor. While DOS was never pretty, it was simple, responsive, and if it crashed, it crashed. None of these "pause glitches" where the system would momentarily stall and then come back at some time of its own choosing. Norton Speedisk was hypnotizing, WordPerfect 5.1 had that blue background, and being able to run multiple games efficiently meant a multi-config.sys. Life was good.

Today you have larger operating systems which consume more disk space, require much more memory, and generally have complexity up the ying yang. Windows is the prime example of this, but you could also say the same for OS X and even Linux distros like Red Hat Enterprise Linux. If you try to install RHEL with too little memory, it displays a message during install that says at least 256 MB is required.

I discovered OpenBSD around the time version 3.3 was released. Ever since then, I've come to appreciate the minimalistic nature of the OS. Low footprint, 5-minute installation time, doesn't require many resources, and boy does it just keep on ticking. I've set up OpenBSD 4.x installations which served as basic Apache, NTP, or centralized logging servers with only 48 MB of system memory. On a single Pentium II. The dang thing would never crash until I pulled the plug or we had a power outage that we had no control over.

For some operations, I just go with OpenBSD over Linux. IPsec is built-in and only requires configuration of a few files, pf is just fantastic, CARP and pfsync are a really nice bonus without having to pay for commercial-grade failover solutions (Cisco, Check Point, etc.), and with a minimal install you only have a few hundred Megs of space used up. Simply incredible. I couldn't pull this off with a base installation of CentOS from CD. And although there are a few default services (in inetd) that I need to turn off after initial boot, I'd also have to do the same thing with CentOS. Plus, pf has these extra options like TCP SYN Proxy, packet scrubbing, and ALTQ. While iptables is in some sense easier to manage, it also lacks some of these powerful features pf has. Turn on the SYN Proxy option on a filter rule and all of a sudden OS detection by portscanning a host becomes much more difficult (unless you have a service listening that advertises the OS it's running on). Thank you very much, have a nice day.
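As an added illustration (not configuration from the original post), here is a pf.conf fragment in the OpenBSD 4.x syntax of the time that turns on packet scrubbing and the SYN proxy for one published service. The interface name em0, the documentation address 192.0.2.10 and the port are assumptions; the commented-out rule is the ordinary stateful form for comparison.

```conf
# /etc/pf.conf -- OpenBSD 4.x-era syntax (assumed values are marked)
ext_if = "em0"          # assumed external interface
web    = "192.0.2.10"   # assumed server address (RFC 5737 documentation range)

set skip on lo

# Normalization: reassemble fragments and drop malformed packets before
# they reach the filter rules or the host behind the firewall.
scrub in on $ext_if all fragment reassemble

# Default deny on the external interface.
block in log on $ext_if all
pass out on $ext_if proto { tcp, udp, icmp } all keep state

# Ordinary stateful rule: the client's SYN is forwarded, so the SYN/ACK
# (window size, TCP options, TTL) comes from the server's own TCP stack.
# pass in on $ext_if proto tcp from any to $web port 80 flags S/SA keep state

# SYN proxy: pf completes the three-way handshake itself and opens the
# connection to $web only after the client's final ACK arrives. Handshake
# replies now come from pf, not from the server's stack.
pass in on $ext_if proto tcp from any to $web port 80 flags S/SA synproxy state
```

Check the syntax with pfctl -nf /etc/pf.conf before loading it. Two things to keep in mind: pf answers the handshake whether or not the service behind it is up, so the port looks open either way, and synproxy does not work when pf is filtering on a bridge(4).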

The downside to OpenBSD is its patching. It's not as easy as simply doing yum -y update; you need to download the individual patches, compile them against the ports tree, and install them. As far as I know, there's no WSUS or Red Hat Satellite Server equivalent. Then again, for my installations the vast majority of patches haven't affected my environments, since I used almost none of the software the patches were released for.

The new upcoming Tron-themed cover for the 4.5 release is the best. It's worth buying the poster for.

For the quality of the product these guys produce, I gladly pay for a new CD set every six months when a new version is released. If you've never tried it, supporting the OpenBSD team and paying $50 isn't a bad deal at all.