Linux or BSD?
Linux or BSD
For a desktop: MacOS (BSD)
For a server: BSD
For some shitty linode type box: Linux (Fedora/OpenSUSE)
I'd just like to interject for a moment. What you're referring to as Linux, is in fact, GNU/Linux, or as I've recently taken to calling it, GNU plus Linux. Linux is not an operating system unto itself, but rather another free component of a fully functioning GNU system made useful by the GNU corelibs, shell utilities and vital system components comprising a full OS as defined by POSIX.
Many computer users run a modified version of the GNU system every day, without realizing it. Through a peculiar turn of events, the version of GNU which is widely used today is often called Linux, and many of its users are not aware that it is basically the GNU system, developed by the GNU Project.
There really is a Linux, and these people are using it, but it is just a part of the system they use. Linux is the kernel: the program in the system that allocates the machine's resources to the other programs that you run. The kernel is an essential part of an operating system, but useless by itself; it can only function in the context of a complete operating system. Linux is normally used in combination with the GNU operating system: the whole system is basically GNU with Linux added, or GNU/Linux. All the so-called Linux distributions are really distributions of GNU/Linux!
As a Gentoo user and an OpenBSD user... Either. If I was looking for something for a server or headless machine or even just a desktop for programming and daily work, I'd use OpenBSD.
But that doesn't boot well off Libreboot, so I use Gentoo. Linux is also nicer to configure and easier to use, methinks.
I would highly recommend Debian. While not endorsed officially by GNU due to having an entirely optional nonfree repo, it is in every other sense a fully free operating system. It is highly versatile, with most desktop environments supported, as well as a minimal netinstall. It can function well as a server, with the default installation being very stable, or can be made more up to date by switching to testing or unstable. It also supports x86, arm, mips, openpower, and even some IBM mainframe systems.
OpenBSD for everything, pretty much. I like debian and other shinier distros and occasionally check them out, but ultimately I just feel .. dirty .. running anything other than obsd. 6.2 was just released (hours ago.)
I disagree with you about configuration. I find linux configuration unnecessarily complex, compared to openbsd. Too much shit going on. It's like pf vs. iptables.
I'm thinking about trying this smartos thing out. Looks interesting.
I find linux configuration unnecessarily complex
It's like pf vs. iptables.
pf is kinda retarded compared to netfilter. At least it's faster than iptables. OBSD still needed pledge to prevent random binaries from reaching the socket, but it's still not too sophisticated.
Free as in systemD.
What's the point of BSD?
Is it binary compatible with gnunix?
quick rundown on *bsd? why open and not freebsd?
Several fire exits if something goes wild with GNU/Linux.
Indeed. Systemd is Free Software, licensed under the GPL. That said, some people do not like systemd on a technical level, which is why the Devuan project exists.
Linux is not an operating system, it's a kernel; so the comparison makes no sense.
If you wish to compare *BSD to something, GNU would be a better thing to compare it to.
GNU does not follow the UNIX philosophy and doesn't care about it. GNU was created to realize Stallman's dream of a free as in freedom operating system.
*BSD, on the other hand, doesn't care at all about free as in freedom software (though most of its software does respect the user's freedoms) but cares deeply about the UNIX philosophy and all its software is engineered in such a way.
In a nutshell: use GNU if you care about software freedom but not about the UNIX philosophy, use *BSD if you care about the UNIX philosophy but not software freedom.
BSD is an open source clone of Unix operating systems, made to be 100 % compatible with it.
GNU is a free as in freedom operating system, made to respect the user's freedom. It's POSIX compliant because Stallman wanted to make it easier for developers to port over their existing projects, but coreutils (and most of GNU software) do not follow the UNIX philosophy and that sometimes creates inconsistencies when trying to port back.
*BSD does run a GNU compatibility layer not unlike Wine, so most GNU software (excluding stuff like systemd) runs flawlessly.
systemd isn't a GNU software.
creates inconsistencies when trying to port back
these bits are freedom
You're right. What I should have said is that systemd relies on the Linux kernel which by itself doesn't follow the UNIX philosophy and can't be ported to other kernels (or maybe it can, but nobody has done it.)
A bash script or any program that relies on nonstandard functions from GNU coreutils or other GNU libraries must be modified in order to be run by non-GNU systems.
Unfortunately OpenBSD is not an option for me as I run a newer Nvidia card. Settled on PC BSD, or whatever they're calling it now.
as I run a newer Nvidia card
You might as well use Windows if you don't care about your freedom and just run proprietary binary blobs everywhere.
But I thought Linux+GNU were POSIX compliant? In which case how much more is there to do?
so if someone were to transition from Linux to BSD, maybe to just try it out, how big of a leap are we talking?
Windows to Linux leap? Or more like switching from Debian to Fedora sort of things to get used to?
If you are using something like ubuntu or debian it's like transitioning from windows to linux again. This is because you need to use the command line more and you have to RTFM or manpages.
If you use something like arch or gentoo then it's painless other than less hardware support.
less hardware support.
So tossing some BSD variant on a laptop to take it for a spin will result in things like no wireless support, perhaps no support for trackpad mouse, and other such fun things?
More like in a worst case scenario you don't get an accelerated 3d desktop and can't play games except emulators with binary blobs. Their hardware support is alright it's just graphics and rarely audio that breaks or has no drivers. Maybe if you are using the newest super l33t wifi cards from intel you might not get wifi, only ethernet.
Yeah you need to do a bit of research to make sure your system is supported.
*BSD is not about software freedom but rather minimalist, functional open source software. He made the right call by using a *BSD. GNU is for those who care about the 4 freedoms that Stallman talks about.
It is mostly POSIX compliant. It just adds some new features not present on other Unix systems.
So still viable to explore in a 5 year old laptop that was mid-tier at best at its time? Which spin do you recommend? Which is the most widely supported and noob friendly, I guess I'm asking.
It is mostly POSIX compliant. It just adds some new features not present on other Unix systems.
So what I have to wonder about that is how can that be considered a bad thing? Is there some strict benefit to limiting only to being POSIX compliant? If the extensions beyond those standards/boundaries provide a better environment should they not be adopted?
Am I looking at this from the wrong angle?
Which is the most widely supported and noob friendly
FreeBSD for sure.
Is there some strict benefit to limiting only to being POSIX compliant?
It means if you have the source for it and it runs on mac or linux you can run it on the BSDs if you compile it yourself with dependencies. Open sound system is an excellent example. You can make it work on all the POSIX compliant kernels as long as a compatibility layer is in place.
For old weak machines you don't wish to update: Debian/Ubuntu LTS
For your own personal non-normie machines: Arch/Void and Gentoo/SourceMage
ignore me, I'm just a massive fucking faggot who literally cannot stop sucking dicks.
apt is garbage though, both in terms of speed and usage design.
Half the features are broken and don't work either. For instance, getting a base Debian install requires you to export the pkg list from a fresh install and import it later. Guess what though, importing apt pkg lists is completely broken.
You'd need to manually sed and awk (or perl) your list with the new list and manually issue uninstall and install commands yourself. Trash I only put up with because it has support.
I will say package management definitely seems cleaner on BSD.
I've never had this problem....
/usr/ports are easy to understand, but it's not so simple for a normie to grasp, and also updating can be a nuisance if you're doing it manually. There's a few solutions for this, but my favorite for managing ports builds is Synth. Coded in Ada no less!
It also makes it a shit ton easier to have a mixed system. Also I must admit I love AppCafe. Simple as shit gui frontend for pkg. Unlike the bloated mess Linux "app stores" have become.
Yes. Just not Wangblows or FagOS tbh.
Just to clarify what you mean for people new to BSD like OP. By mixed he means having some programs installed via the ports tree, while others are from pre-compiled packages. This used to result in a big mess. Synth gets around this by copying built ports into a local package repository, which plays well with the existing installed packages. You can also set synth to fetch remote packages if they are both available and you have not manually configured that port. If you're on a weak machine, using remote packages for X11 packages is recommended, saves a lot of time!
IMHO, BSD doesn't go far enough on the "minimalist, stable, functional" scale, and keeps a lot of old UNIX atavisms and assumptions that just don't make sense in today's environment.
This is especially noticeable in default configurations for various software.
Some of it just screams "This will run perfectly on VAX-11/780!"
Especially whatever that monstrosity is that Ubuntu are creating.
< Prompt: First you must login to your Ubuntu account!
Nope, nope nope...
Is there some strict benefit to limiting only to being POSIX compliant?
Compatibility between POSIX compliant systems.
The more non-compliant features you add on top, the harder porting software gets.
systemd is prime example of this. It relies heavily on Linux-only features, which makes it practically unportable.
And BSD guys suddenly got a lot of busywork patching it out of software that started relying on it.
If the extensions beyond those standards/boundaries provide a better environment should they not be adopted?
More features in the standard make standard more complicated and harder to implement correctly.
W3C went along with this kitchen-sink approach, and now not even such massive companies like Google and Mozilla are capable of keeping up with it despite massive bloat and security issues, while millions of pajeets spend countless hours rewriting every page for every version of every major browser.
"minimalist, stable, functional"
BSD doesn't go far enough
I don't understand your points.
I only use obsd (since about a year after it split from netbsd), so I can't comment much on free/net. But, my last install .iso was around 350MB. That's pretty minimalist, as is 'ps ax' on a default install. Lines of code? There is just no comparison.
In terms of stability, you're on glue. BSD boxes are usually definitively stable.
As far as functionality, I guess there may be some argument there but I don't really see it. If anything, you have to appreciate their commitment to supporting legacy stuff. The vax arch was only recently retired, in fact. That's a little insane, but it speaks volumes as to the work quality they do, the lengths they will go to not fuck you if you happen to be running older hardware.
I hear i386 support is going away for some of the popular linux distros. You think the BSDs are going to pull that shit?
In summary, there is one OS to rule them all and its name is OpenBSD.
I just think there's still a lot of room for improvement.
For example https://alpinelinux.org/downloads/
- extended: 330 MB
- standard: 106 MB
- vanilla: 84 MB
So, there's sure some fat to trim.
Or even http://minimal.linux-bg.org/
- prebuild image: 6.8 MB
Yeah, it's just a kernel + libc + busybox, basically. But what else do you need?
And I still think it's too big of a footprint, tbh.
If BSD guys had same dedication, we'd be running full graphical environment from floppies right now.
Always room for improvement, I agree. You must like the suckless.org stuff.
I am not sure how an arch distro compares to OpenBSD in terms of functionality, so I don't know how they compare (and whether we are talking apples to apples.) I can't comment knowledgeably. I would guess you could get an OBSD cut down to similar size, if you wanted to. Also, Arch is a bit of an exception. Most distros are significantly larger (and DO provide a lot more apps than a base obsd install, so again, it's not a fair comparison.)
In the end, for me, security, code correctness (and all the auditing), stability, simplicity, consistency, documentation, and a general adherence to unix principles always makes obsd stand out for me. I never have problems with it (except when I create them myself, like say forgetting to update 6.1 packages between a 6.0-6.2 upgrade.)
It has its warts here and there, sure, but it's a proven old warhorse (in a time when you want an armored steed, to be sure.)
You can cut down any of the BSDs into the 6MB-8MB range, if you really want to.
But what else do you need?
The rest of the OS would be nice. You know: file management, text processing, and a C compiler.
OpenBSD does not allow kernel modules as they are a security risk, so they compile all their drivers into the kernel, which makes it fat.
You could compile your own, as well as removing any userland stuff you don't want, to make it skinnier.
6.8 MB is still rather fat. Make defconfig enables many unnecessary options, especially if you're visualizing. Busybox along with its init implementation is also a bad choice. Sbase and ubase from the suckless guys are more minimal than busybox. Uclibc or musl with static linking should be used instead of glibc. Runsvdir or something like it should also be used.
As someone who doesn't care about 'free as in freedom' (only that it's open-source), windows is utter trash. The only thing keeping windows alive for normies is that it's 'normal' and all their applications don't run on it.
See: that one news clip of a girl failing college bcus her computer came with ubuntu
as someone who ...
muh correct C
muh "no proprietary binaries distributed within kernel", just used outside it
muh non-communist license
muh not associated with as many sexual predators
muh not apple-cucked
There is no POSIX compliant FOSS un*x, because POSIX requires money and returning to some standards that are silly. Most are POSIX-Enough, so you're mostly right.
I'd just like to interject for moment
I'd just like to interject for a moment. What you're referring to as GNU/Linux, is in fact, GNU/GNU/GNU/Linux, or as I've recently taken to calling it, GNU/GNU plus GNU/Linux. GNU/Linux is not an operating system unto itself, but rather another free component of a fully functioning GNU/GNU system made useful by the GNU/GNU corelibs, shell utilities and vital system components comprising a full OS as defined by POSIX.
Many computer users run a modified version of the GNU/GNU system every day, without realizing it. Through a peculiar turn of events, the version of GNU/GNU which is widely used today is often called GNU/Linux, and many of its users are not aware that it is basically the GNU/GNU system, developed by the GNU/GNU Project.
There really is a GNU/Linux, and these people are using it, but it is just a part of the system they use. GNU/Linux is the kernel: the program in the system that allocates the machine's resources to the other programs that you run. The kernel is an essential part of an operating system, but useless by itself; it can only function in the context of a complete operating system. GNU/Linux is normally used in combination with the GNU/GNU operating system: the whole system is basically GNU/GNU with GNU/Linux added, or GNU/GNU/GNU/Linux. All the so-called GNU/Linux distributions are really distributions of GNU/GNU/GNU/Linux!
Actually, it's correct to use Linux this time because both BSD and Linux are kernels and operating systems using these kernels are being discussed.
muh vital GNU functions
won't even start without systemd
Technically, GNU has an init system.
I find it highly embarrassing that Stallman has stalled delivering GNU/Hurd so long.
general purpose OS or firewall?
Why even ask these things? Everyone knows that the only reason for BSD to exist is pfsense.
Either OpenBSD, or Illumos (OpenIndiana, SmartOS, OmniOSce, Nexenta, Tribblix).
OpenBSD and Illumos (aka the fork of OpenSolaris the hardcore Solaris engineers made and continue today) are very clean and well written pieces of code. Compare the layouts of the code for the two kernels Illumos and Linux (or ask a competent programmer-friend). I think the attack surfaces of both OpenBSD and Illumos kernels are smaller just because of the cleaner and more correct coding when compared to Free/NetBSD and especially Linux. What does Illumos have on OpenBSD? ZFS, Zones (including ones with full Linux binary compatibility), Crossbow. It had MLS-capable Mandatory Access Controls, but since no spook customers used Solaris anymore (probably because Sun Microsystems ceased to exist) it was deprecated last year and a bunch of the code was gutted. I'm sure the MLS-capable MAC could be re-inserted if someone of a higher calibre than I could patch the code up and make it work in the latest editions, AND be able to semi-competently test it for Orangebook compliance, etc.
I'm almost positive the shit code and architecture in the Linux Kernel is the cause of many data breaches into the Five-Eyes networks. "Many eyes" may be able to look at a screen full of kernel code, few eyes are trained well enough to spot major architectural bugs. Almost none of the competent eyes can understand the whole kernel anymore. Linus' top-down application of "writing secure code is pointless therefore just make it fast and less crashy" is dangerous. We've entered a period where Windows 7 kernel security surpasses vanilla Linux kernel security for a long time now. The market for exploits attracts the highest skilled troubleshooters for the highest pay, which is a disincentive toward disclosing the vulnerability publicly (at all if not 'too soon'). It is for this reason that the Linux kernel is at best a mild security risk, if not outright security-hostile software. We no longer have PaX, which opens a can of worms for the Linux community. I'm sure as more kernels get upgraded to versions which don't have PaX, the number of break-ins for Linux will increase.
Some string of major vulnerabilities found in Linux which resulted in catastrophe in the real world might startle the industry into considering saner alternatives, like Illumos or OpenBSD. OpenBSD could use a feature-fork for MAC implementation though IMO. Maybe make it a pun and call it 'ClosedBSD'...
turn on your flag so I can filter you
The FSF's biggest mistake was accepting Linux as GNU's "official" kernel. The whole point of GNU was to create a free operating system, but then you have a bunch of retards calling it "Linux" and associating it with an open source program made by a student in its spare time.
Not only did Linux stall the production of the HURD (a kernel that is better technically speaking), it totally undermined GNU's purpose and buried the FSF in the Linux Foundation's shadow.
They should have chosen kFreeBSD instead, or a fork of Linux. It would have been better for everyone.
I haven't tried Illumos in a while, is it as easy to build yourself and update from source as FreeBSD yet? I'd like to use whatever is closest to Solaris with pkg-src, all the active forks seem to replace the userland with GNU.
Can you recommend any good books to read on Illumos or Solaris? I'm coming from FreeBSD so I can probably figure most things out but it would be nice to see proper documentation.
BSD Boyz looking for something like this
but for Solaris
the HURD (a kernel that is better technically speaking)
I'm going to have to stop you right there.
The HURD has been in development for 20 years. If you have been working on a kernel (a well-understood component of operating systems, technically speaking) for 20 years it probably means that the design is wrong. It's too complex.
So far as I know, only building Illumos on any other Illumos/OpenSolaris system is supported. For the authentic OpenSolaris experience, OpenIndiana's goal is to remain faithful to the original OpenSolaris desktop distribution, so the userland in OpenIndiana should be Solaris. Another interesting hobby distro maintained by one Solaris engineer is Tribblix. SmartOS is a great guest hosting OS, as it leverages Solaris features to create the strongest OS-level virtualization platform available (Linux + Docker solutions still don't match the security of Zones). SmartOS includes LX-branded Zones, which are Linux binary compatible, so you can drop the whole userspace of CentOS or Debian into such a Zone and run it.
OpenSolaris is Solaris 10 open-sourced. Oracle bought Sun Microsystems and re-closed Solaris for Solaris 11. That obviously doesn't 'delete' the OpenSolaris source and license, so OpenSolaris exists now as Illumos. Illumos is not fast-moving like Linux is, so like OpenBSD: books which are a few years dated are still relevant. Just disregard the Solaris Trusted Extensions and MLS-MAC stuff as that's been gutted. Maintaining MLS-MAC systems like that takes extensive testing which is expensive, and really only governments/intelligence agencies use fine-grained classification systems like that. For example: I find it difficult finding literature on designing MLS-enabled systems and organizations using SELinux categories. Hell, searching for "mls" "SELinux" on google and youtube makes me cry inside.
Per OpenBSD, the best stuff is the man pages (after all, this is UNIX).
OpenIndiana online 'handbook' for example:
SmartOS is probably the most 'different' of the "Illumos distributions." It is a live system which you burn to disc or flash to thumbdrive and boot your server with (and can remove after booting). On first-boot, it uses available HDDs to create a zpool, asks some configuration questions, and reboots. Everything you do is in various Zones or VMs you create, as SmartOS is supposed to be a non-persistent hypervisor.
[Triton] SmartOS requirements are at least a gig of RAM minimum for a workable experience. The entire FOSS "private cloud" solution called Triton Smart DataCenter takes systems with a stated minimum of 16GB RAM (though I wouldn't be surprised if a hobbyist could squeak by with 8GB Dell i3/i5 clones). Triton SDC is Joyent's cloud infrastructure and glue-ware. You can deploy your own cloud OS across a [physically] freshly-deployed datacenter in as little as a couple hours. You bring up a head node with SDC boot media, and all other nodes are to PXE-boot their hypervisors from the head.
I'd just like to interject for a moment. What you’re referring to as MacOS (BSD), is in fact, XNU/BSD, or as I’ve recently taken to calling it, the XNU Open Software Foundation Mach Kernel plus BSD. BSD components are not a kernel unto themselves, but rather a set of free virtual filesystems, networking protocols, and system calls in a fully functioning kernel made useful by the XNU driver API, I/O KIT and vital system components comprising a full hybrid kernel as defined by Steven Jobs.
that saucy italian pasta
Thanks. Will look at those books tonight.
The HURD hasn't been in development for 20 years. Its development basically stopped for a whole decade and even today it doesn't even have a dozen developers, and they have a lot of shit to catch up to.
Linux and kFreeBSD had way more developers in their initial years than the HURD in 20 years. Plus, hardware was arguably simpler.
The HURD does seem overly complex, though.
Alternatively, why not just run Solaris11, which is free for home users to "evaluate". Then at least you get encrypted zfs.
Is there any good reason to use Illumos over FreeBSD for a home server?
Aside being the pair of the lonely illumos fanboi in Holla Forums? Nothing.
Posted from my OpenBSD box with links2.
I guess OpenBSD is the new Arch.
Arch is for redditors, and focuses on customization, not correct C meme.
I think he meant that it's a distro people like to claim they use for credibility. Just as people claim to have read Donald Trump's Art of Computer Programming books.
System not release, I should say.
See picobsd and nanobsd.
But those systems are extremely minimal. The BSDs are fully usable Unix systems out of the box, with all of the Unix tools that you may find convenient pre-installed.
And we live in a world where 100GB of disk space is relatively little. It really doesn't matter how small your base system is.
Arch sucks. You really should be comparing Gentoo to OpenBSD.
How does a guy get wine working on the most current version of FreeBSD, amd64 platform? Some forums indicate the 2.0+ wine tree is fucked for 3d applications for FreeBSD, but that the 1.8.6 version is good. Saw a suggestion to revert the port, but it is too old now so that no longer works.
I have tried a few things but, can anyone tell me definitively how I should get wine to play some old pc games on amd64? Would switching to the i386 arch solve my problems?
Appreciate any guidance any of you fbsders might have.
Thanks for the suggestion. I tried that. The patches to go back to 1.8.6 (the last non-fucked version, apparently) are now too old -- when you try to downgrade the port to the appropriate revision, you get a note that says "this version is too old, command did not change the tree" or some such thing.
Am I missing a trick?
depends on your use. i've used FreeBSD and OpenBSD happily for a while now on fairly recent thinkpads. Free has ZFS, jails, linux syscall emulation, etc. but configuring the touchpad and getting the video driver working correctly was a bit of a hassle.
pledge(2) for muh security in the base system
no hours of shitty touchpad configuration and fucking with synaptics driver. just werks
video driver just werks in X11 and in virtual terms
sound stutters and i'm too retarded to figure out how to configure sndio
I don't even bother with Linux anymore.
User-interactive software is like 90% the same between Linux and the BSDs, so just use whichever one works best on your hardware.
Good advice. In practice, it's going to mean almost always using Linux.
so just use whichever one works best on your hardware
Linux it is! shame since BSD is the superior OS
Wasn't BSD proven more secure than Linux a few months ago?
Depends on your threat model.
BSD is an operating system.
Linux is a kernel.
OP is a faggot.
Superior design principles don't mean anything if it melts your CPU due to poor driver support.
SmartOS is useful as fuck, especially if you're into config-management tools (chef, puppet, ansible) and/or have PXE infrastructure on your home LAN. It runs from USB or PXE so you can throw all your SATA ports at the storage pool. It has KVM instead of bhyve so it's got better support for things like Linux and Windows VMs for proprietary stuff. If you're not able/willing to use SmartOS, then no, just stick with FreeBSD.
can I have AUR-tier/AUR packages on BSD?
Oh, you're definitely right on that. I've used OpenBSD for a while but I play with gay men on Ubuntu, so security is just a meme to me.
No. If it's not in packages/ports, you have to do it manually.
Do your gay men run well on Goybuntu?
I'm on debian because of updates and "ease of use" waiting for GUIXSD.
Anyway do you know which *BSDs have the most amount of packages and bleeding edge ports (like KDE plasma for example)
It runs better than on Windows 7 on the CPU side (probably better than Win10 too), GPU side is roughly 85% performance of Windows unless you're a woodscrews-cuck. So Source games run better, anything pretty runs terribly because Vulkan is hard.
FreeBSD has largest userbase and thus most ports probably
You can just add a directory to your ports tree, write the required files, and make && make install. But that's not any easier than doing it manually.
Don't hold your breath for KDE/GNOME on BSD. They are becoming increasingly systemd dependent.
slackware > ubuntu > openbsd > gentoo > debian
Fuck both of them and just install minix3. It's like NetBSD except it's a custom microkernel that emphasizes stability and security.
I have an Intel CPU, so I'm already running minix3.
kek, funny how they managed to turn the safe and secure part upside-down
If you are just looking to get into kernel programming I would recommend BSD. If you're talking everyday use I would go with Linux
Unfortunately, the MINIXCon 2017 conference had to be cancelled due to the small number of talks submitted
I've never heard of Alpine Linux or BusyBox.
Fuck off Stallman.
How is OpenBSD as a desktop honestly? I find it to be pretty attractive in my VM but I'm not sure how it would fare for day to day use.
It still uses stuff like ncurses, though. Sabotage >
The GNU/Linux name only applies to systems that are based on GNU and Linux. Alpine Linux is not a GNU/Linux system. The Android OS is not based on the GNU OS. When people are referring to a so called "Linux OS", then statistically speaking, they are actually referring to the GNU OS or Android OS.
For me, OpenBSD is one of the only free Unixes which "just work." It has the best laptop support of all the BSDs.
I just switched from Arch to OpenBSD.
I'd like to spend a couple years with it, then 'distrohop' to something SYS V, like solaris.
Ultimately, it's hard to say where security lies. In minimal clean code like OpenBSD or in elaborate constructions like Qubes. Governments have routinely rejected OpenBSD for their own projects due to a lack of MAC framework. Is this institutional wisdom or government over-engineering requirements? Also, the security needs of governments are different than individuals. I liked qubes, and found it trivial to implement policy (PDF reader has zero internet access), etc. Now, I am interested in reading source code, and possibly contributing. This would likely be impossible with a monstrosity like Qubes.
Ultimately, I'd like to experience Unix & Linux. Maybe inferno and plan9 as well.
I prefer Mac to Windows 10 but I can't recommend it to normies because of Apple's shit hardware.
I use Linux myself because Mac's WM is awful but normies can't really deal with Linux yet.
I suggest you still use an OS with sensible addons to POSIX (like xargs/find -0 or mktemp); not something like HP-UX/AIX.
If you want some kvlt shit: Illumos, Sabotage (uses a light gettext, netbsd-curses, musl and other nice shit), CRUX and 9front/9atom.
For most people, MAC frameworks do nothing and routinely get disabled the first time they throw an error. For governments, they actually have the manpower and time to hand craft MAC policies for every last application and system they run, so it's a useful feature.
openbsd guy since forever
just installed OpenIndiana hipster on a cf-30.
Damned decent so far, feels solid. I don't hate it. Zero problems during the install. Have not done much yet but did notice that it uses 1/2 the load of openbsd when playing a video file. That was kind of interesting. DE feels solid, though there were a few dock apps that were busted by default. A bit dated but I like dated.
One problem i ran into is with openvpn - can't connect to my provider with its provided scripts (that work everywhere else.) It errors out with "cannot unplumb tun0, interface does not exist." Anyone ever see that? Is there some trick to getting tun devices working?
What if I like both?
I've got this one single nonfree linux program I run regularly. Think I could use FreeBSD's syscall emulation or does it require recompilation?
For governments, they actually have the manpower and time to hand craft MAC policies for every last application and system they run, so it's a useful feature.
It's a thing of the past that it's only for governments; most popular operating systems now have MAC frameworks and are being used all over the place.
Some even enable it by default.
If you look at Android or iOS they basically use MAC frameworks to secure the userland which works well.
It isn't really easy to do local kernel compromises on those systems: "My last thought on this: what they want is essentially a remote kernel compromise from SMS or webpage or something, not BT/WIFI stack. It’s my unsolicited opinion that $150k for remote kernel compromise through userland vector (requiring a long chain of exploits) on a Google Pixel phone is far too low. Even Zerodium pays too little, not that you should ever sell to those guys. It may be easy when you use some shit-old version of Android where Towel root still works, but when you’re using an up-to-date Google phone, getting kernel execution is no longer an easy task. This is why we’re seeing all these super bad bugs: Remote wifi via FW/Remote wifi via this driver. Google and Apple have successfully locked down kernel intrusion via a local route. Android’s SELinux policy is very strict, that coupled with forcing least privilege makes a local kernel compromise very difficult on Pixel phones."
A good MAC framework is lacking in OpenBSD, and SELinux is a good framework but hard to work with. I'm leaning more towards AppArmor or Tomoyo or grsecurity RBAC; those are fairly easy to understand, and you could even ship AppArmor profiles by default since you don't need to confine all applications but just the big ones.
A good MAC framework with Pledge(2) is great, but even Pledge(2) is hard to implement in big programs (check mailing list about Firefox) that aren't written with priv sep in mind.
The base might be secure because of Pledge and priv sep but as soon as you install 3rd party applications all that security falls apart since now something runs that could steal your ssh keys or something could make connection to the internet.
iOS makes use of TrustedBSD framework and remote exploits are expensive because they are hard to find and using that framework correctly and there are always more bugs
I donate to OpenBSD foundation but I'd rather see something implemented to confine 3rd party applications too, since trying to Pledge(2) big applications like Firefox doesn't seem to be happening anytime soon.
Debian seems to aim to enable AppArmor by default next release, which is a sane idea if it ships with profiles.
Some of the ports have got pledge patches, for example:
I try to avoid Firefox tbh. Even if they manage to pledge it, it's still bloated junk and not the kind of web experience I'm looking for. Only something I use as a very last resort, but normally I just avoid sites that require such browsers.
Firefox was just an example, things that take input or output something like audio players and video players like mpv or vlc and lots of other programs one might use for desktop are a large task to pledge.
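As an added example (not part of any post in this thread, and not OpenBSD project code): the structure pledge(2) rewards is "acquire resources first, then drop to a minimal promise set before touching untrusted input", which is what large programs without privilege separation struggle to retrofit. `count_lines` is a hypothetical helper, and the `pledge` stub for non-OpenBSD systems is an assumption that only lets the code build elsewhere; it enforces nothing.

```c
#include <stdio.h>
#ifdef __OpenBSD__
#include <unistd.h>              /* real pledge(2) */
#else
/* Assumption: stub so the example builds off OpenBSD; it enforces nothing. */
static int pledge(const char *promises, const char *execpromises)
{
    (void)promises; (void)execpromises;
    return 0;
}
#endif
/*
 * count_lines() is a hypothetical helper for this example.
 * Phase 1: acquire resources (open the file) with normal privileges.
 * Phase 2: pledge "stdio", then parse the untrusted bytes. On OpenBSD,
 * a later socket(2) or execve(2) gets the process killed.
 * Returns the number of newlines, or -1 on error.
 */
long count_lines(const char *path)
{
    FILE *fp = fopen(path, "r");
    long lines = 0;
    int c;

    if (fp == NULL)
        return -1;
    if (pledge("stdio", NULL) == -1) {
        fclose(fp);
        return -1;
    }
    while ((c = getc(fp)) != EOF)
        if (c == '\n')
            lines++;
    fclose(fp);
    return lines;
}

int main(int argc, char *argv[])
{
    long n;
    if (argc != 2) {
        fprintf(stderr, "usage: %s file\n", argv[0]);
        return 2;
    }
    n = count_lines(argv[1]);
    if (n < 0)
        return 1;
    printf("%ld\n", n);
    return 0;
}
```

A program that opens files, sockets and devices on demand throughout its lifetime has no single point where the promise set can shrink this far, which is the difficulty the posts above describe for browsers and media players.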
BSD doesn't have as much of an SJW problem as Linux does. If you look at the OpenBSD mission statement, it is entirely merit based and fuck your politics. This is why I prefer BSD. And I find it simpler to use and configure.
This is why I like OpenBSD as well.
Let's make it more specific. Alpine Linux or OpenBSD?
For a desktop: Windows VM on a Linux host with pci passthrough
For everything else: FreeBSD
I don't understand why anyone would run busybox on PC.
anybody else here sometimes go out in public and start singing OpenBSD songs?
I really don't understand netbsd... does anybody actually use it? Is it any good?
NetBSD is your best option if you have an m68k computer or other old architecture that OpenBSD no longer supports.
I use it on macppc. I like it. Very traditional and portable unix like OS. If you knew how to do something on NetBSD 1.6 then you know how to do it on 7.1.
But aren't Xen hosts more secure? And then you can use your browser in an Alpine guest.
Oh wait, you can technically have a linux dom0, so maybe that's what you mean.
I thought you meant KVM.
Don't hold your breath for KDE/GNOME on BSD
Don't worry yourself. I'm not. Unstable bloated trash. Makes sense to team it up with systemd for maximum effect.
BSD if you want to use the OS, linux if you want to tinker with the OS. BSDs are complete OSes whereas linux is just a kernel, requiring a lot more decisions just to get a whole system in place. Which distro, which...
Oh, and which BSD comes down to: security focus, use OpenBSD; polyplatform support focus, use NetBSD; performance focus, use FreeBSD.
Ya no need to deal with that bloated crap when there is stuff like Lumina. No need to spend hours ricing things out since it's in the default install of TrueOS (freebsd for desktop)
These guys are fucking retards.
From years of using Xen, I can't imagine Xen ever being even remotely secure.
lmao, implying you have developed exploit mitigations.
The whole retards meme is just Linus saying that without understanding how modern security works.
Most people that shout "they are retards" are people that barely understand anything and mostly haven't written a single line of code before.
never used a bsd before. i want to set up a FreeBSD NAS at home. the reason i would like to use FreeBSD and not freeNAS is fun and maybe learning a thing or two.
OS on separate disk, two 4TB disks set up as raid 1 for storage - filesystem should probably be ZFS and not UFS? as far as i understand the services (timemachine, sftp/ssh, maybe torrenting later, no other ideas yet) should run in jails.
anything wrong with what i'm planning to do, any possible pitfalls on the way? figured i'd ask before, because i'm basically working my way through the handbook from the beginning
filesystem should probably be ZFS and not UFS?
Depends. ZFS offers neat features like deduplication and snapshots, but eats quite a bit of RAM, even without dedup.
as far as i understand the services (timemachine, sftp/ssh, maybe torrenting later, no other ideas yet) should run in jails.
Running ssh in a jail doesn't make sense because you can't access the host system. Is there any specific reason why you'd want to put ssh in a jail besides muh security?
anything wrong with what i'm planning to do, any possible pitfalls on the way?
Prepare to reinstall your FreeBSD several times because you'll learn a lot along the way and might want to get things right™ from the beginning. Don't use Ports right now, get some experience with your system first. If you update your system, use freebsd-update and follow the instructions from the handbook precisely. Use ezjail for jails. I've had trouble with realtek network chips on FreeBSD before. I'm not sure if the chips are shit or if the drivers are, but if you get sudden connection drops, keep this in mind.
Complicated MAC systems are too tedious and time consuming for normal sysadmins to use. You really need a full-time security guy to handle that stuff. Big companies and government can afford it, but a lot of others can't. That's why OpenBSD made pledge how it is. Pledge works because it won't get deactivated by sysadmins like the SELinux stuff. And maybe Mozilla should just make better web browsers that can be priv separated easily.
Depends. ZFS offers neat features like deduplication and snapshots
i guess that i (probably) won't really need those, at least for now. i read that zfs should be a safer bet in terms of corruption, therefore i thought it would be the natural choice for a NAS. the point is basically to set it up once - i don't intend to change the filesystem later for playing around - then learn as i go. if there's no sensible usecase for ZFS at home, i don't want to use it; if it makes sense, i will try to learn it.
Is there any specific reason why you'd want to put ssh in a jail besides muh security?
no, not really. what services would you personally put in a jail on a nas? if any?
yeah, the apple way of making backups. uses some additional fancy apple protocol, for whatever reason, as far as i understand it. there's netatalk for freeBSD, looked it up some time before. my girlfriend needs it, i don't like apple.
thanks for all the advice! i'm prepared to invest some time until the initial setup is done. the drivers will hopefully not be that much of a problem: it's an HP proliant microserver that i got relatively cheap and there seem to be more people running freeBSD on it.
if there's no sensible usecase for ZFS at home, i don't want to use it; if it makes sense, i will try to learn it.
If you've got at least 2 GB (better 4 GB) of RAM, then why not? I think it's the default filesystem in FreeBSD 11 anyway.
what services would you personally put in a jail on a nas? if any?
I personally wouldn't bother putting any in a jail on a NAS, but if you'd like to learn about jails, a torrent software would be good. Or a webserver with a file browser or a local pastebin instance for files.
No, Linus is right, and they're blatantly violating GPL. They should get their asses hauled into court.