💾 Archived View for thfr.info › openbsd › my-openbsd-philosophy.gmi captured on 2023-09-08 at 15:47:31. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
originally published: 2023-08-27
last updated: 2023-08-27
This is a personal take on what keeps me with OpenBSD as my main operating system and daily driver. Note that I'm in no way speaking for the project itself here, only as the "private internet citizen" that I am most of the time anyway. Use it at your own risk. And while security is of course a significant argument behind OpenBSD, I am no security expert and not privy to the debates that are happening in that community.
So much for the disclaimers, now for the fun part...
I remember Windows PCs of acquaintances, riddled with autostarting adware, likely incorporating all kinds of telemetry (spyware)...
Of course there is no absolute security, but defense in depth is an actual thing.
We haven't seen the worst yet, as more or less organized crime and nation states are continuing to try to exploit what they can to further their goals.
This is in part because of the browser-centric computer ecosystem nowadays that can cover many of the daily use cases, and OpenBSD is equipped with the latest versions of the most popular open source browsers (Firefox, Chromium).
Of course this leaves the browser as an important (potential) point of failure/compromise. Fortunately, at least OpenBSD's Firefox and Chromium are designed with mitigations like pledge(2) and unveil(2) providing additional security not found on other platforms.
This is probably more prominent since the advent of smartphones with their app stores and in-app purchases. Nowadays, Windows includes ads in the start menu, and it has been checking for updates automatically and phoning home to Microsoft for many years. They are not alone in this - Ubuntu has telemetry enabled by default and has had partnerships with Amazon:
https://www.omgubuntu.co.uk/2020/01/ubuntu-removes-the-amazon-web-app
The bottom line is that things on your computers are increasingly designed to further tech-corporate interests rather than yours. This is something completely absent on OpenBSD from what I can discern; in part because the source code is out in the open and the funding is through the OpenBSD foundation, not any industry buy-ins.
It can be hard to get started with OpenBSD. This is in part because other operating systems try to cater to bad or wasteful computer habits, for example doing every little operation with a GUI even when it could be done much better in a terminal.
So much tries to cater to the user or consumer culture. Rather than being mesmerized by the "magic" happening behind the scenes when you perform a drag and drop operation in a GUI, it's probably better to actually understand what is happening.
This is where careful documentation and source availability play a role. Both play a big role on OpenBSD, in the man pages and the CVS source code repository.
This goes for things as simple as the OS installer - using an X11/Wayland GUI for OS installation adds many layers of potential errors and incompatibilities. OpenBSD's installer is console-based and this makes it much simpler. This extends to other aspects of the culture on OpenBSD, with a noticeable general suspicion of things that are overly abstract and convoluted, in ports, but especially in the base system.
I may get some marginally greater performance and some different, fancy software on other platforms in daily use, but all of that won't matter if the system suddenly breaks unrecoverably. OpenBSD takes security and code correctness seriously, which is the foundation for minimizing the risk of such events.
Examples from my experience:
There is of course the oft-feared, but probably less common possibility of becoming a victim of destructive hacking attacks, e.g. ransomware...
This is where a focus on code quality matters as a principle. Even if everything is running fine for your use case, things like spyware may be operating behind the scenes or a process may be accumulating errors that eventually end in abrupt, hard-to-diagnose errors or crashes.
Note OpenBSD is complex and sophisticated enough that it is not immune to this, but stability overall has been greater than on much bigger operating systems (in terms of manpower) in my experience. The security mitigations that trip up and prevent common exploits help me sleep better at night.
Everybody uses computers differently, though there are certainly common patterns. I would argue that for many to most people, a current web browser is a significant part of their computer use along with email and chat communication. Those are also the most problematic computer uses to lose besides data storage integrity. Many other use cases can be covered by free and open source software - take LibreOffice, GIMP, Audacity, Godot...
My personal realization when first trying OpenBSD was that the benefits of running a security-focused OS outweigh the performance and software availability limitations. Note that at the time in 2014, video playback in the browser was not smooth at all on OpenBSD (which got fixed a few years later) and I made the conscious decision that watching videos and playing video games were less important than running a sane OS not subject to some of the misguided decisions that have infested other platforms.