I don't know that it's within the purview of designing and programming a computer operating system, but there are far too many "dark web" drug dealers and mafia associates on all the OpenBSD lists. Are there any Narcotics Anonymous people or similar groups or individuals with related interests in highly secure computer systems?
If the "law" as such needs to be involved in saying no to drugs, or simply locks on all our pantry doors and keeping our food and drink free of adulteration and contamination while programming any computer systems. The FBI/RCMP cross-border mental health drug party has to be stopped or else there is no such thing as a secure computer operating system, OpenBSD or otherwise. It's going to take a lot of guns to say no to the drugs, and to the corrupt cops and disreputable doctors on both sides of the border who deal drugs so forcibly. Physical meatspace security is an absolute prerequisite for online cyberspace security.

On May 23, 2025 8:31:41 AM AKDT, "H. Hartzer" <[email protected]> wrote:
>Hi advocacy@,
>
>This list doesn't seem to be too active, but I thought it was the right
>one to share this on.
>
>I've started a Gemini[1] site and wrote a post about my migration to
>OpenBSD[2].
>
>The format of the post is the gemtext, but I feel it's pretty readable
>for here. So here it is, for the curious, with mild formatting edits to
>make it more appropriate for email.
>
>-Henrich
>
>1: https://geminiprotocol.net/
>2: gemini://hartzer.sh/gemlog/2025-05-23-openbsd-isnt-good-just-because-its-secure.gmi
>
>---
>
># 2025-05-23: OpenBSD isn't good just because it's secure
>
>The number one marketed aspect of OpenBSD is that it's secure. And
>I think that's been proven true over the years. pledge() and unveil()
>are frankly fantastic. But after finally using OpenBSD as a daily
>driver for a little while, I feel like it's disingenuous to only
>focus on the security aspect. I had assumed, based on the large
>security label put over OpenBSD, that it wasn't such a great
>desktop/laptop daily driver. It most certainly is a great one.
>
>Previously, I had been using FreeBSD for quite a while. And I still
>use it on a number of servers. Before that, Linux, which I still
>use quite a bit for one purpose or another.
>
>I have a bit of an attachment to FreeBSD and switching away from
>it was not a light decision. Lots of loyalty built up over the
>years, familiarity, and comfort. And I feel that FreeBSD has a
>number of compelling aspects for many.
>
>But most of my draw with FreeBSD has also applied to OpenBSD. It's
>a bit "less" than Linux. The development cycle is slower. The
>security model seems more reasonable than Linux's. Not that you
>can't be reasonably secure on Linux, but I think its scope and
>general design (containers included) make it more difficult. Not
>that the average user isn't well served by certain Linux distributions.
>
>In my case, my needs are pretty minor. I run older hardware with
>gigabit expectations of performance. I'm not doing machine learning
>with expensive GPUs, running hundreds of containers, and counting
>each second of my boot times. Linux is a bit overkill. Not to mention
>the systemd aspect which can be avoided, but tends to come with the
>whole Linux package. Outside of say Alpine, most notably.
>
>FreeBSD is technologically a bit of a step down from Linux, and
>I've liked it that way. Now, that's not totally true. It's had ZFS
>for some time, which is awfully impressive. And FreeBSD has thrown
>some legendary network performance figures. It's just generally
>less bleeding edge than Linux, more thoroughly documented, and a
>little bit easier for me to use.
>
>I'd put myself in the "tinkerer" category, where I like being able
>to identify and fix a bug, or make some adjustment, or at least
>understand what's going on. And keeping up with Linux' pace is a
>lot for my hobbyist level of involvement. Technology seems like
>it's pretty good where it's at, in many aspects, and fast paced
>development often means more steps backward than forward -- for
>someone without sky-high expectations. FreeBSD also has a better
>"solid" feel to it, having a more consistent ideology throughout.
>Rather than just being a kernel, with some expectations, and some
>userland thrown on top.
>
>This all applies to OpenBSD, and even more so. OpenBSD's codebase
>is a bit slimmer yet than FreeBSD's. It doesn't have Jails or any
>equivalent (though pledge(), unveil(), and pf can accomplish most
>of what you might sanely want to do.) It's even a bit more "behind"
>FreeBSD in some ways. But this aspect of being behind, for me, is
>a good thing. It's less flashy, but more thorough.
>
>I managed to get a few patches in for FreeBSD and a number of bug
>reports. I love that it's (now) developed with git. Being able to
>open up a pull request and get feedback is something I'm very
>familiar with. However, FreeBSD for me was a frustrating daily
>driver. Wayland on FreeBSD is a joy, but memory management on FreeBSD
>seems to have some serious issues, at least on my hardware (older
>amd64 architecture.)
>
>I have a long bug report about my attempts of running Firefox on
>FreeBSD. And it does run, but it fails to evict pages from laundry,
>or so I understand. So Firefox will use more and more memory with
>quite few tabs, until something gets killed. And OOM killing in
>FreeBSD can take a while. It may have improved some in 14.1.
>
>I appreciate the various developers working with me on it, but the
>fact is that basic browsing would result in one crash after another.
>And it wasn't just Firefox, GIMP was also quite prone to run out
>of memory in conditions you wouldn't normally expect. But it was
>so bad that with 16GB of memory, I'd have issues every couple of
>days. With 8GB, several times a day.
>
>I had a final straw with FreeBSD, which was 14.2. 14.2 wouldn't
>boot on my old, tested, and well known hardware (primarily Thinkpads
>-- T400, R500, X200, etc.)
>
>I narrowed it down to where I could boot 14.2 if I installed 2GB
>of memory, or if I disabled SMP. I could also boot if I set a 4GB
>limit at boot time, which yes, is a lot better than being confined
>to 2GB of memory.
>Now disabling SMP on such old hardware is a big
>hit performance wise, but the bigger hit is that this brought about
>new, bizarre bugs. And Firefox with 4GB of memory left me in a
>situation where I couldn't even reliably have a single tab browsing
>a website like Home Depot's, without OOM. This isn't just a swap
>issue, either.
>
>But with no resolution to those issues and 14.1 being on the chopping
>block, I simply couldn't use FreeBSD anymore as a daily driver.
>
>## Time to give OpenBSD a try...
>
>This led to me giving OpenBSD a serious try. I had seen for a while
>the impressive community built up around it. Some very neat projects
>appear to be developed on OpenBSD. It seemed to fit my use case a
>bit more than FreeBSD, based on what I saw being used. And this
>proved to be true.
>
>In a lot of ways, switching to OpenBSD was uneventful. While there
>was certainly some confusion and mental shift involved, for desktop
>use it just worked! And no more memory management issues.
>
>Firefox under OpenBSD is far superior to Firefox under FreeBSD.
>OpenBSD with 2GB of memory and no swap results in a somewhat usable
>Firefox that'll OOM sometimes. Add in swap, and you get something
>quite usable, and quite slow. But usable! Adding swap under FreeBSD
>didn't improve the Firefox situation for me.
>
>OpenBSD with 2GB of memory was far more usable than FreeBSD with
>4GB of memory, as far as Firefox was concerned. But OpenBSD will
>let me boot with my full two cores *and* 8GB of memory. And with
>8GB of memory, I have to try a lot harder to push Firefox to the
>point of it being slow or eventually OOMing. Which is doable --
>Firefox and modern websites are pigs. But overall, things are smooth
>enough on this 16? year old hardware.
>
>OpenBSD's pledge() and unveil() don't just stay relegated to base
>components like OpenSSH -- they are even patched into Firefox which
>makes it a much more trustworthy setup, without jumping through
>hoops like doing say a Jail + VNC to try and isolate Firefox, or
>running it as another user.
>
>I will note that Wayland also works under OpenBSD, though it's less
>polished than FreeBSD. Far fewer ports for it. I feel that this may
>change in time.
>
>## OpenBSD is a "batteries included" OS
>
>While OpenBSD won't get you browsing without installing packages/ports,
>on the server side it's awfully complete. You get a good HTTP daemon,
>even an ACME client for SSL, authoritative DNS server, caching DNS
>server, and easily enough to run a router. I appreciate this quite
>a bit. These are well documented and tested components, already
>configured in a sane and secure model.
>
>## OpenBSD is easy to contribute to
>
>Despite not having my familiar git + pull request developmental
>model, OpenBSD's lists are quite active. I've had a few contributions
>already, all quite minor. Now sometimes I get crickets, I think in
>particular if the topic is a bit controversial, but it's quite easy
>to start a discussion that results in a commit on an obvious matter.
>There's three commits that mention discussion I was involved with,
>and I've only been using OpenBSD since the tail end of 7.6.
>
>## OpenBSD is easy to use
>
>Now, I don't think you should try to get your grandma using OpenBSD
>tomorrow, unless she was awfully savvy to begin with. But for me,
>as someone writing this post in neovim, under tmux and i3, to be
>hosted on Gemini, OpenBSD is really easy to figure out. It still
>takes some time to understand certain points, but I feel the learning
>curve is quite approachable. I feel like I have a good bit of a
>comfort with a system that I'm happy with, I know where to look,
>where to ask questions, and it doesn't take all day to attain this
>past some initial investment.
>
>Most of the ports I'm familiar with were already there. I am missing
>a few things, however, like Monero.
>
>## Not everything is perfect
>
>Some things feel like a step back, to me.
>
>* `ftp` (analogous to `fetch` on FreeBSD) won't use IPv6 unless
>you tell it to.
>
>* There's no `make fetch-recursive` for ports.
>
>* FFS without softupdates is definitely not as fast. However,
>OpenBSD's scheduler is way better than FreeBSD's, and despite being
>slower on some aspects, it "feels" faster.
>
>* I understand not including ZFS, which is enormous, but ZFS certainly
>has some uses. I actually moved away from ZFS on FreeBSD prior to
>14.2. At one point I had a bunch of memory being held until I
>unloaded the zfs kernel module. I stopped using it to try and help
>track down where my memory issues were coming from. ZFS, though,
>is kind of like systemd in scope creep.
>
>* I have some audio stutter issues when using automatic performance
>adjustment. Without this, it seems fine.
>
>* OpenBSD still uses CVS... Maybe gogs will save the day?
>
>## In conclusion...
>
>OpenBSD really feels like a tinker's BSD. It feels like it's regularly
>developed by users on similar hardware to myself. And not just
>developed, but used. It isn't just in VirtualBox on a Macbook running
>MacOS, it's tried and tested for daily use.
>
>I really appreciate how it "just works" most of the time, how well
>documented it is, and how approachable it is to develop with.
>
>## Links
>
>https://openbsd.org/
>https://freebsd.org/
>https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280846
>https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=285867
>https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=286018
