Why OpenBSD
The story so far
About two months ago I installed OpenBSD on my personal laptop. My purpose was to evaluate this operating system as a daily driver. My conclusion from this experiment is simple: OpenBSD is fantastic. And it is here to stay on my machines as a daily driver.
For years, I’ve been a heavy Linux user. I started with Ubuntu. Then, I transitioned to Debian. Finally, I ended up using Void Linux as my daily driver on the work laptop. For the record, I did some development on macOS some years ago. Also, I own a Windows machine, mostly for gaming purposes.
For the last couple of years, I’ve transitioned my entire workflow to the terminal. Instead of using a GUI text editor or an IDE, I use Vim. Instead of a web mail client, I read and send my mail through Neomutt. I replaced the Slack web app with Weechat. I’ve found CLI clients for most of the services I am required to use daily. Examples of such services might be JIRA or GitHub. I read my RSS feed with Newsboat. I base my workflow on Suckless tools: dwm, st, and dmenu. tmux(1) resides at the heart of all my terminal sessions. I browse the web with w3m if possible. However, the web is so bloated and full of unnecessary JavaScript that Firefox and Chromium are must-haves.
I am quite happy with Void Linux. However, recently the political climate related to Linux and the Free Software movement got a bit unpleasant. This does not affect me as a user directly but makes me a bit worried about the future of these projects. Also, I have a very curious nature regarding the tooling and operating systems. Having some free time, I decided to give OpenBSD a try. This article describes my feelings (spoiler: very positive) related to this operating system.
The good parts
OpenBSD has a lot of advantages. Below I’ll try to list the ones with the greatest importance for me.
OpenBSD is easy to install
The OpenBSD installation process is straightforward. I can even say that it is one of the simplest installers compared to all the Linux installers I have come across. The script asks just basic and standard questions. Hostname, network interface to configure, root user, etc. The installer automatically prepares the disk partitioning scheme that follows the recommended layout. As soon as the information is gathered, the installation starts. After a few minutes, everything is ready and the computer reboots. And then comes the first pleasant surprise. The installation image does not ship firmware for all possible devices (including Wi-Fi cards). However, after the first reboot, the system automatically downloads and installs the required firmware for all detected devices. As a result, when the system boots completely for the first time everything simply works. No need to manually download, install or cut binary blobs to enable a wireless internet connection or hardware video acceleration. Awesome and simple.
The base installation of OpenBSD is minimal. It follows the secure by default principle. All unnecessary services are down. The sysadmin must enable them manually if needed.
What is more important, the system just works. The audio subsystem is playing sound out of the box. The graphics take advantage of the underlying hardware. The network gets connected without a hassle. Some of the above required much work to get functioning properly on Linux distributions I used in the past. At least that was the case a few years ago; it has gotten a bit better now.
OpenBSD is simple
OpenBSD just works. That’s it. As long as your hardware is supported, the system will work for you. There is almost no need for manual tweaks or the installation of additional packages.
All parts of the base system are consistent. Similar utilities share a similar command line interface, including flags or command syntax. The configuration files share the same highly readable syntax. System configuration and setting up required system services is a real pleasure. The effort put into the design of the system is clearly visible. The system is well thought out and the overall user (or rather a sysadmin) experience is great.
One of the OpenBSD features is its documentation. It is purely fantastic. Manpages contain thorough descriptions for each and every utility, service, driver, or configuration file available in the system. When combined with the great FAQ, it gives the user an exhaustive source of knowledge. It is like Arch Wiki. However, it is available offline right away from system installation and is actively maintained by the system developers. As a result, the documentation is up to date all the time. As soon as any part of the system is updated, its documentation is updated as well.
All the above made me realize how fragmented the Linux userland is. After experiencing OpenBSD, any Linux distribution I came across seems like a bunch of random programs glued together to make the system work. Linux distributions got me used to asking a web search for a solution to problems emerging in the system. With OpenBSD, it is quite the opposite. The web search should be the last resort. Seriously, everything is available in manpages. One just needs to learn how to read them.
OpenBSD is lightweight
Let’s start with comparing kernel package sizes. For the most recent Linux kernels (5.15 at the time of writing this article) the binary package weighs around 150 MB. A couple of years ago it was around 70 MB. The OpenBSD kernel is… 20 MB. The difference is enormous. Also, the Linux kernel is getting bigger and bigger with every release. The OpenBSD developers can keep the kernel small since they develop both the kernel and userland utilities in the same source tree. As a result, they can eliminate unused or old code without harsh consequences. If any utility breaks due to such a change, they can fix it right away. A small code base is easier to maintain. It also reduces the number of security vulnerabilities that might slip into the code.
As far as resource consumption is concerned, OpenBSD consumes only 100 MB of RAM after boot. This result is comparable to what I achieved with Void Linux, with a pretty similar setup regarding window manager and services that get autostarted after login. I would say that, compared to other modern operating systems, it is a pretty decent result. This makes OpenBSD suitable for older laptops that would not be capable of running other OSes.
OpenBSD is private and secure by default
OpenBSD is well known for its proactive security. It provides several security mechanisms that are enabled by default (and some of them cannot be disabled at all). Some of these security features were also adopted in other operating systems. However, they tend to be treated as optional. Furthermore, some of the hardware capabilities that can cause security risks (such as HyperThreading) are also disabled in the OpenBSD kernel. On the other hand, these security mitigations might hurt the system’s performance.
The OpenBSD codebase undergoes a constant audit process. When a security hole is found, it is fixed and disclosed to the community.
All this proactive security might be a little bit overkill for a workstation. However, it’s nice to know that there is a team of skilled developers who do their best to find and wipe every security issue to make sure that your system is safe. As long as the precautions do not hurt the performance too much, this is perfectly acceptable for me.
Furthermore, the OpenBSD default installation is privacy-focused. It only enables necessary system services. Everything else must be enabled manually by the admin. As a result, the user knows exactly what is running on their system and why. Also, audio recording and camera input are disabled in the kernel by default. Thus, no userland application can access them. The OpenBSD team provides patches that enhance the security and privacy of third-party applications. The most notable example would be Firefox and Chromium, which are enhanced with unveil(2) and pledge(2) calls to limit the resources the browsers have access to.
OpenBSD has all the software I need
As I mentioned before, I use mostly terminal applications in my day-to-day work. Some of these programs are even part of the base system. For instance: tmux(1), the X.org server or ssh(1). The Suckless utilities are written with BSD in mind, so they are easy to compile. All other tools, like Vim, Neomutt, ZSH, or Weechat are available as packages via pkg_add(1). The only thing I use in my workflow that is missing is Docker. However, I managed to handle this issue.
My scripts required some tweaking, however. For instance, I had to replace all ALSA interactions with sndioctl(1) invocations. However, these changes were minimal and took a small amount of time.
OpenBSD has a dual release model
A new version of OpenBSD is released approximately every 6 months. It brings updates to the base system as well as the binary packages available for installation. As a result, the versions of the software are not old, compared to some Linux distributions like Debian or Ubuntu which might contain software that is several months old even in the most recent releases.
Furthermore, OpenBSD allows users to use a more “rolling-release” model by following -current. It brings the most recent changes to the base system, straight from the development branch. Also, the packages usually contain the newest versions from the upstreams. Despite it being based on the development branch, I did not notice any instabilities so far while running the -current branch on my laptop.
This duality is of great value to me. I like having the most recent software on my workstation. I accept that sometimes things might break. However, following -current requires upgrading the system every couple of days. While not a problem on a laptop (run sysupgrade(8) and go grab a coffee), it could be a burden on my personal VPS. This is where stable releases come into play. As a result, I have the same system in both environments, reducing the mental load required to operate two distinct operating systems.
OpenBSD is home to many widely-adopted applications
Last but not least, some widely adopted projects originate from OpenBSD. The most notable mentions are: OpenSSH, LibreSSL, OpenSMTPD, tmux, and Packet Filter. Since I like having the latest and greatest versions of the software, using the “home” of the above software was a pretty obvious choice.
OpenBSD has a nice mascot
The mascot for OpenBSD is Puffy, the blowfish. I like fish.
The bad parts
There is no operating system without some issues. OpenBSD is no exception.
OpenBSD does not play well with nVidia
Unfortunately, OpenBSD does not provide drivers for new nVidia graphics cards. Some support for older devices is provided in nv(4). As a result, if you own a relatively new GeForce card, you will not be able to use it with OpenBSD. However, this is not an issue for me. Since my work does not require video or graphics processing, I’m good to go with integrated Intel graphics.
OpenBSD is a little bit less performant
OpenBSD is said to be less performant compared to other operating systems due to proactive security. This is partially true.
Let’s start with the boot time. On my ThinkPad X240 the system startup time is comparable to Debian with Systemd. This includes the library reordering mechanism, device detection, and starting the services. In other words: not bad. However, system boot time does not matter much when using the system.
After installation, the resource limits specified in login.conf(5) must be tweaked. The defaults are pretty harsh and will cause serious degradation of performance. When this is done, all the programs run “normally”. In other words: I don’t see any performance issues with them. However, there is an exception. The browsers (Firefox and Chromium) are noticeably slower. The most visible is the long startup time. This is not terrible, but cannot go unnoticed. However, for me, this is another reason to utilize terminal-based web browsers (like w3m), as the browsing experience is better with some “modern” pages.
Conclusion
To sum up, OpenBSD is awesome. I deeply feel that I’ve found an OS to stick with for a long time now. Despite some minor drawbacks, the overall experience is very good. Furthermore, the whole system feels simple yet modern and well-designed. I would highly recommend this OS to anyone who wants to learn and understand the system that powers their computer. Furthermore, this OS just works. If one does not need to tinker with it, they will probably not be required to.
Please note that the above reasons are my own opinions. In other words, the pros I list may not be of any value to you.