Jump on the OpenBSD Train


Comparisoment between FreeBSD and OpenBSD

I have been reading lately a lot about OpebBSD’s security, quality of code and Decent Documentation. I tried it a few months back then. But I have whiped my FreeBSD worsktation back then because I tought I’d make the wrong choice. Well there’s a hell of a difference between those two. Let me explain: In FreeBSD it’s all about functuality and in OpenBSD it’s all about Secutity . Those two Models can never Coexist. If you want to Build in a Maximum of features, you’ll end up with a maximum of features, but for the lack of Security. If you on the other hand go with a maximum of Security, well the Usability will suffer.

Let me give you a few examples: at first it starts with the Installer: in FreeBSD it’s all about the Choices, you can choose different Options such like random PIDs Full Disk encryption with ZFS Software RAID, you can setup Jails you have a nice (terminal based) UI where you can navigate trough. you can Boot in different modes (Single User or Multiuser Boot) and so on and so for. On OpenBSD However you have way limited Options to choose from (with the Installer) even you can have full shell access with both and can accomplish maybe most of the things in both. The Standard installer is Simple, but when you don’t work activley against the System and Read your way trough the Documentation, you end up with a Rock Solid OS. Another way the difference is enourmus is Performance: FreeBSD is a Rocket compared to OpenBSD which is rather a Snail. This has many reasons, I noticed, that OpenBSD dosen’t Use Hyperthreating and some Other CPU Features, Like Predictive Calculating, because those are proven Thread Models (Research: Spectre, Meltdown CUP Bugs) OpenBSD has no Bluetooth Support and Camera and Microphone is Disabled by default. OpenBSD uses an own Shell, called KSH (CornShell) Which has extra secutity Features. It has a set of Standard Tools which aren’t exposed to Userland and Userdata. CVEs are extremly uncommon and quickly fixed and well Communicated. All of this and way more is the Reason for OpenBSDs good repuration when it comes to Security.

But everything Comes with a Price. In FreeBSD it’s the lack of Security in favour of Functionallity. In OpenBSD it’s the lack of Usabillity in favour of Security. It’s entirely your choice to make. I’d rather Compute with some certanty that my Camera is not online and my Microphone is not recording, when I know the OS won’t support it, until I allow it to happen. Since I’m not for nothing a tinfoil-hat and actually a diagnosted paranoid, it’s a very calming feeling. The Only thing I am very much missing are Panoc for creating my Blog (I SSH into a local VM to write my Blog in VIM atm.). Normally you could just compile Pandoc. But somehow it fails to Compile on my system. Which is probaly just a missing dependecy, flag or systemsetting. I will probably figure it out at some Point. Another Thing I fear is Virtualisation. I really fear, that there’s no good Option for a VM, however I did not much reading on this Topic.

My OpenBSD Setup

I have went with CWM, that’s nativley built within OpenBSD and I have luckily already configured with my other Thinkpad x220 on Debian, so I could mostly just apply this configuration. I had a few troubles here and there, like I got no Unicode until I figured out that it was directly mentioned in the F.A.Q. that you have to configure a C locale in the .xsession. that eat up a lot of time. My Neomutt Setup I could also mostly apply from my Debian Dotfiles. The Only things I added was a custom .kshrc .xsession and .Xresources. Also I had to configure the /etc/fstab and the Ports tree. The final Push to switch to OpenBSD was that it had now the Package ncspot, which let’s you listen to Spotify trough librespot. I still need to Tweak some things and Probably will have to set up a VM with OpenBSD Desktop to be able to Document the Install Process in my Wiki for others to follow. As filemanager I use the Shell with cp, rm, mv, ls etc. If I quickly want to browse trough images, I just use ranger with w3m-img and rxvt-terminal. My Browser is Firefox, which can only read it’s own folder and access only ~/Downloads which is a bit unhandy, but you get used to it. To my NAS I connect via SSHFS and to sync from VMs or VPSs I use rsync. my torrent client is aria2c. for Media Player I use MPV and to download Youtube alike videos I use youtube-dl. My Bar is a basic Lemonbar.