OpenBSD Innovations
331 comments
·February 22, 2025jmclnx
jillesvangurp
It's not the foundation that does the work but developers. With that kind of budget, the foundation is just administrative support. They aren't employing a lot of developers. Many developers are employed of course. Partially by those same fortune 500 companies that you mention.
Open source is a pragmatic arrangement where developers embedded in the industry can collaborate and share code; often explicitly supported by the companies they work for. It has worked very well for decades and there's no urgent reason to change anything.
For example, Damien Miller, who puts in a lot of time on OpenSSH, is employed by Google. Employing key contributors is how the industry supports OSS.
jorvi
> For example, Damien Miller, who puts in a lot of time on OpenSSH, is employed by Google. Employing key contributors is how the industry supports OSS.
Yeah that's just confirmation bias. How often do we read about key open source libraries that are being maintained by one random dude in his free time, said dude's free time dries up, and suddenly everyone is in panic mode on how to get funding to him.
It'd be much nicer if every tech company above X amount of yearly revenue would be required to kick in 1.0% (0.1%? 2.5%?) of their profit into a foundation. That foundation then would put out bounties or contracts for open source project maintainers. The priority (= monetary value) of these would be decided on by a mix of community voting, open source expert panel, and commercial interest, split ⅓/⅓/⅓.
dimal
This seems reasonable, but my concern is that the money would not do much good. It could simply lead to a more powerful bureaucracy that prioritizes its own survival instead of it’s original mission, like what seems to have happened with the Mozilla or Wikipedia foundations. More money doesn’t always solve problems. It can simply create new problems.
jillesvangurp
There's a long tail of stuff that isn't paid indeed but I don't think this is confirmation bias. I maintain a few things myself actually. The thing is, I'm not actually expecting to get paid.I think you are underestimating just how many OSS developers have steady jobs and over estimating the urgency of the issue. I don't think the crisis you are outlining actually exists. But I'm sure there are individuals who'd like to get paid more for whatever they are doing.
LeFantome
If you want that, release your code under such a license.
null
KerrAvon
Yes. What’s interesting is that this corporate software engineering socialism isn’t new with modern open source. It dates back to the earliest operating systems for IBM mainframes.
slome
The openbsd foundation raised around 5 million, half of which has been spent. Curiously they aren't as transparent as they once were.
You mention nvidia support, others are hopeful for a better filesystem and wifi as well.
brynet
> .. wifi as well.
OpenBSD has supported 11ac for several years, and has the iwx(4) driver for modern Intel WiFi cards. There's also support for Broadcom FullMAC, bwfm(4), which is on e.g: Apple Silicon machines.
HaikuOS also has a port of OpenBSD's iwm/iwx drivers.
FreeBSD just recently announced they've started porting the OpenBSD iwx driver.. from Haiku.
https://freebsdfoundation.org/blog/laptop-support-and-usabil...
brynet
> The openbsd foundation raised around 5 million, half of which has been spent.
Citation needed, they've raised nowhere near that amount.
https://github.com/bob-beck/foundation-web/commit/483266cece...
thegeekpirate
Not OP, but they've raised $4,974,668 since 2014 (done by adding up all the thermometers at https://github.com/bob-beck/foundation-web), and I'm excluding anything prior.
That's certainly what they meant ;)
alexvitkov
Your second paragraph is explaining perfectly why open source doesn't work and how its economics don't add up.
I would also add that it indirectly kills the vast majority of programming jobs - nobody is ever going to get paid to create a JPEG decoder as everyone can just use libjpeg. Nobody is ever get paid to write a new kernel as everyone can just use Linux. Very few people are going to get paid to work on a new database as you can just use Postgres...
Once there's a good enough open source solution in a field, in the long run it will out-compete commercial offerings, even it's overall a worse package, as it's some guy's free time project and is created on a $0 budget.
Programmers work for free, end users get a worse product, companies make trillions.
mmooss
> open source doesn't work
What could you mean by that? It's an extremely successful model organizationally and technically.
> it indirectly kills the vast majority of programming jobs
All software kills the vast majority of jobs - think of all the jobs there would be if we had no software. Anyway, are we short of programming jobs?
Efficiencies create new, higher-value possibilities than, for example, JPEG decoders.
alexvitkov
> It's an extremely successful model organizationally and technically.
> Anyway, are we short of programming jobs?
> Efficiencies create new, higher-value possibilities than, for example, JPEG decoders.
ape4
I don't think there would be jobs manually doing many things that software currently does.
thayne
> I would also add that it indirectly kills the vast majority of programming jobs - nobody is ever going to get paid to create a JPEG decoder as everyone can just use libjpeg
Looked at another way, open source means that instead of a bunch of programmers getting paid to write multiple implementations of the same thing over and over, so the programmers that otherwise would be doing that can instead work on new innovative things.
In an ideal world, all software would be open source, and programmers would spend all their time improving said software for everyone. The problem is I don't know how those programmers would be compensated for their work. In many ways, open source software is a public good, since anyone can benefit from it[1], so an argument could be made that OSS should be publicly funded (i.e. paid for by government grants). However, I am doubtful that the government could do a good job of allocating resources to open source projects. Then again, I don't think the private sector is doing a great job of that either. Just look at how many resources are put into showing people ads.
[1]: And it has the interesting property, that unlike most public goods, the cost does not scale with the number of people who use it, or have a limit on the number of people who use it.
autopoiesis
Isn't the solution to have much shorter copyright terms? Software could be closed source at first, its implementation costs recouped, then opened by default when its copyright term lapses. New releases could still be closed, so income could continue. Set the term at 5-10 years, rather than >70.
z3phyr
But it is anti-alternative. It discourages alternative ways to do things.
This is bad in the long term because alternative ways of doing things open other avenues of investigation and development.
But all we get are improved versions of hammer when everything is made out as a nail.
karparov
> Your second paragraph is explaining perfectly why open source doesn't work
> some guy's free time project and is created on a $0 budget.
> Programmers work for free
You seem to be completely out of touch with what FOSS is.
The amount of relevant FOSS hacked by some teenager for free in moms basement is negligible. The largest contributors to the Linux kernel are IBM, Intel and Oracle. Nobody there works for free.
pjmlp
Because it costs down their own development costs, doing more with less.
How much upstream do you think BSD gets from Sony and Apple, besides a few crumbs?
clang was sponsored exactly to allow Google and Apple to take a compiler and not be legally obliged to upstream their sauce.
Nowadays clang has mostly replaced most proprietary compilers on surviving UNIXes, and embedded OSes, how much of those downstream changes land on upstream clang? It is mostly volunteer work improving ISO C and ISO C++ compliance, despite all the money being made by those folks.
exe34
> nobody is ever going to get paid to create a JPEG decoder as everyone can just use libjpeg.
if there's no technical reason why libjpeg isn't suitable, I'd consider it a huge waste of human life to create another. if there is a good technical reason to build a new one, then somebody will do it for free or somebody will pay for it to be made.
I think the system is working.
tredre3
> Nobody is ever get paid to write a new kernel as everyone can just use Linux
Not that it negates your point in any way, but lots of people are paid lots of money to write Zircon (Google Fuschia's kernel) which is intended to replace Linux in many scenarios.
pjmlp
Sadly it went nowhere, it remains to be seen how long it will take to join Android Things, Tango, and other Google OS related projects.
Yes I am aware it is shipping on Nest Hub.
surajrmal
I will note that the number of people who actually work on the Zircon kernel directly is relatively small. Zircon is a small fraction of Fuchsia's codebase. However if you widen your view to include things that are not in the kernel but would be in Linux the math lines up better.
LtWorf
So they are paid to write a useless toy. While people who write the useful code are not paid.
LeFantome
Nobody is ever going to pay somebody to shovel holes when they can just use a back-hoe. So, let’s outlaw industrial machinery.
Open Source achieves the exact opposite of what you say. It allows people to direct their talent and effort to solving high-value problems instead of low-value ones. Instead of writing a JPEG decoder, you can create a professional photography workflow or a pre-press pipeline. Instead of writing the low-level bits of a database, you can create an enterprise SaaS.
Yes, Open Source infrastructure is hard to compete with. However, it is super easy to out-compete companies that are wasting their engineering resources re-inventing the wheel.
Of course, there is always the option of doing the basic stuff better of course and being rewarded for it. Some will.
And, while this reply is already too long to get into it, the majority of Open Source is written by people being paid to do it. So, wrong there too.
AAAAaccountAAAA
I wouldn't be a good way to spend money and resources to rewrite things like jpeg decoders again and again. It would not help to make the final product any better, but just siphon the money off from more worthwhile purposes.
Companies make billions? Good. It's time to tax them and use the money for the benefit of everyone.
agumonkey
And I ironically think that if you want to fix the open source you end up creating a good old economy.. where people don't give, but negotiate an exchange apriori so they know they won't be disappointed after the fact.
deadbabe
When you give freely and generously to the community you should do so with no expectation of getting anything in return. Sometimes that expectation is fulfilled.
noisy_boy
They are not talking about OpenBSD's expectations, it's about the ethics (!) of the companies using things on the back of the generosity without giving back.
kweingar
I see this mindset more and more, and to me it seems against the ethos of open-source software. There's something philosophically odd about saying "you are free to use, change, redistribute, or sell this with basically no restrictions" while simultaneously maintaining that users incur unstated ethical debts by accepting. It could even be seen as a kind of bait-and-switch.
Contributions and reciprocity are praiseworthy of course, and we should all aspire to this. But that doesn't mean someone is ethically wrong for choosing to accept a gift freely given without giving one in return.
toenail
People choose BSD licenses precisely because they don't want to impose any ethics on anybody.
surajrmal
How many restaurants serve food and ask for donations from patrons instead of charge them specific amounts? People are not generous, large companies made of lots of people, none of which feel specifically responsible for the companies actions are also going to accordingly not be. If they need money, the expectations should be set accordingly. Maybe spruce should be open but features and bug reports must have accompanying bounties set by the individuals reporting them otherwise the maintainer will ignore them.
karparov
If you make it about ethics, it's not going to work. Your C-suite folks wont be on board.
You need to make it about utility. Open sourcing some package or contributions to an existing package is giving you returns far beyond your investment. A community will help maintaining, improving, growing your code. Perhaps even competitors will chip in. (If they don't, well, their loss..) It's going to be a net positive.
jjmarr
Use GPLv3 or AGPL then. If you want companies to "give back" when they use your code, put it in the licence.
Or you can charge money for your product.
zx8080
Ethics does not belong to capitalism. Money is the central part of it, not ethics.
DeathArrow
>it's about the ethics (!) of the companies
A company doesn't have ethics. It's sole purpose is to make a profit.
nickpsecurity
The license says use it however you want with nothing in return. They usually get nothing in return. It's a license best used when you want maximum uptake by users, including proprietary products. It's also good for people who enjoy knowing others enjoy using what they build. Whereas, it's one of the worst licenses if a supplier wants money.
Lets assume goals like OpenBSD's. If one also wants money, they can make the software paid, free for many categories of users, source-available, and derivatives (mods) allowed. The paid part can be regular payments or one-time per release. Probably an exception to mods allowed saying they can't backport paid features from new versions to old versions but independent creation is allowed. From there, companies will pay to support it or they'll determine it has no market value.
There are proprietary, source-available RTOS's on the market for real-time and secure use. One source said, but I haven't verified, that INTEGRITY RTOS royalty-free was around $17,000 minimum per product or company. Another said LynxOS with communications middleware was around $50,000. A number of small vendors exist showing one can generate sales if their product is marketable. Tons of companies selling firewalls, load balancers, etc like OpenBSD is often used in.
https://en.wikipedia.org/wiki/Comparison_of_real-time_operat...
So, if money is important, they can change their terms to demand money some or all of the time. If the license says "free giveaway!," expect most people to treat it that way. I imagine quite a few of the developers have exactly that expectation. They are motivated by the joy of writing great code, not money.
_flux
> By creating OpenSSH and the fact all fortune 500 companies use it
It was a fork of Tatu Ylönen's SSH, so I think it would be more accurate to call it forking, not creating.
Of course, they've created a lot of new code as well since 1999.
alecco
From a fork of an old version that was still open source, the OpenBSD team audited every single line and rewrote most of it, AFAIR.
globular-toast
> It is time these companies really give back.
Our system rewards those who take as much as they can and give as little as they can. The tradeoff here is that each entity having a certain amount of freedom makes us happier since we can be different and choose to allocate our resources in different ways. But asking corporations to give back when they don't have to is like asking your neighbours to pay more tax because the roads need repairing.
You can't appeal to individuals, so the solution is simply to raise the bar on what that minimum is. The way to do that with software is to use copyleft licences. Support copyleft projects in any way you can and reject permissively licensed projects where possible. If we had stuck with copyleft we'd be so much better off.
traceroute66
> It is time these companies really give back.
I'm not going to sit here shilling for the corporates, but at the same time I think you need to put yourself in their shoes.
The stance you are taking is essentially the same as if a chugger stops me in the street and asks me to sign up to regular donations to $charity because "its only $1 a month". To which the inevitable answer is "sure, and there are a gazillion other charities, so I'm supposed to give $1 to all of them because its 'only' $1 a month" ? I will choose which charities and how much to donate to on my terms, thank you very much.
And its the same with corporates and open-source. Your favourite pet-project might be OpenBSD and you might think $evilCorp should give more to them ? But what about all the gazillion other pieces a typical $evilCorp will use ? OpenSSL ? curl ? ping ? traceroute ? In your idealistic world a corporate would give $1m to each of them I guess ?
The fact is the corporate lawyers know you've released your software on open terms. I'm sure they would be happy to buy an OpenBSD license ... but OpenBSD made their bed, as it says on their website "OpenBSD policy is simple — OpenBSD strives to provide code that can be freely used, copied, modified, and distributed by anyone and for any purpose. "
And before you say "well, they could donate instead of buying licenses" ... let's just say you would be naïve. Buying licenses is a "simple" standardised procurement exercise in most corporates. Meanwhile giving donations typically is a far more bespoke process involving far more administrative burden. And the smaller the recipient of the donation, the more admin burden required.
As others have pointed out $evilCorp does contribute indirectly to open-source. Many of the core maintainers and contributors to open-source are employed by $evilCorp and file their PRs to the open-source projects on their employer's dime, often whilst sitting in their employer's offices, using their employer's computers and infrastructure.
formerly_proven
E-Corp typically has support contracts with vendors like Red Hat which in turn employ developers.
danlitt
> I will choose which charities and how much to donate to on my terms, thank you very much.
Indeed. The observation is that generally for most corporations the charities are "nobody" and the amounts are "$0". If you, an individual, behave this way then you're a bad person. The argument is merely that the corporate "people" are also being bad people.
> In your idealistic world a corporate would give $1m to each of them I guess?
Why make this ridiculous strawman? If we said "some reasonable amount, distributed among their dependencies" why is that unreasonable? Do we have to draw out the whole picture before these people even attempt to consider what a reasonable contribution could be?
> The fact is the corporate lawyers know you've released your software on open terms.
Yes, and corporate parasites will therefore extract the maximum value while providing the minimum in return. History repeats itself.
> Buying licenses is a "simple" standardised procurement exercise in most corporates.
If you think about this for a few seconds you will realise it is not a good excuse. If ping/openssl/whatever had a "recommended contribution" listed on their "corporate licensing" page, then there is no administrative burden required whatsoever. You just pay whatever they ask, same as a license. You think the price is too high? Make up one.
So why is there a high administrative burden? Simply, because corporates themselves place a high value on "paying the bare legal minimum". In other words, they over-value the virtue of being cheap and unsociable. If your reaction to this is "that's just how business is", then good for you: according to your understanding, business is antisocial, and should be discouraged.
YesThatTom2
John Ioannidis (first name on the list… IPsec) passed away a few weeks ago and almost nobody noticed.
I attended a memorial on Zoom and people said he also created the building blocks that permitted Mobile IP (IP on your cell phone) to work.
mmooss
Thank you for letting us know. Have you tried to submit something for the front page?
If you knew John, then my condolences. We're all using the things he built, every day.
StatsAreFun
Oh wow, I was not aware of his passing! Thank you for sharing that information. RIP John :(
brynet
In addition to work pioneering privdrop/privsep design for network daemons, and the almost ubiquitous adoption of pledge(2)/unveil(2) across the base system, I think people are missing out on much more recent mitigation work, such as mimmutable (which Linux is just beginning to land with mseal), on OpenBSD, most of a programs static address space (.text/ld.so's .text/.bss/main stack) is now automatically immutable.
There's also execute-only memory and BTI/IBT on modern Intel/AMD, and ARM machines, enabled by default. Including a significant amount of ports development work to make the larger software ecosystem ready for this.
saagarjha
Execute-only memory on ARM is a footgun (bypasses PAN); Linux and macOS both block it. OpenBSD probably should too.
brynet
Why? OpenBSD seems to think execute-only in userland is important. We've had SMAP on x86 for many years, it helped fixed bugs early, these bugs are rare now, so why is everyone concerned about kernel accesses that aren't using copyin(9)?
EPAN is already supported, hardware is now arriving, it's used if available, but the idea that execute-only was less important than PAN was probably misguided.
saagarjha
If you have EAN feel free to turn it back on but I generally believe that execute-only is less important than PAN, yes.
crest
How does execute only memory disable privileged access never memory? The bigger problem I expect is the overhead of loosing PC-relative loads unless the hardware still allows these as instruction fetching related? Would you have to dedicated one of your 31 GPRs as the table of contents pointer similar to PowerPC’s ABI (e.g. sizeof(void()(void)) == 2sizeof(void *))?
saagarjha
https://blog.siguza.net/PAN/ has a nice summary of the PAN issue. Also, you can't load data under execute-only but you can execute it (e.g. by jumping there). If you are compiling under this scheme you need to tell your compiler that this is the case.
tptacek
A phenomenal resource on the same subject:
i80and
I like this -- despite the clown nose logo, it's actually fair to my eye and is respectful to parts of OpenBSD that are thoughtfully designed.
chicom_malware
OpenBSD is thoughtfully designed because it is one of the best examples of "design by dictator" (Theo) - and a small core team - as opposed to design by committee like every other OS out there. Look me in the eye and tell me 90% of changes and unnecessary features in macOS aren't there because some team needs to justify their existence.
lobf
What features in macOS are you referring to?
arp242
I assume you meant to write "disrespectful"?
i80and
While much of this document is openly disdainful, there are areas like the malloc implementation[1] and features like the atexit hardening[2] where OpenBSD is unambiguously excellent, and it says as much, noting that the latter is a "pretty cool mitigation".
I used to do some OpenBSD ports work, and even got a tiny patch into the base system. I love OpenBSD! I don't have an axe to grind here! But it is not above reproach, and I think this site is overall harsh but fair.
jamal-kumar
Besides the clown nose on puffy it's honestly just realistic and not all just talking bad like I've seen some people do:
mmooss
They are very positive about some mitigations:
tptacek
Sure. I like pledge --- though I think OpenBSD should just do eBPF too.
mmooss
Maybe it's just limited resources? In a project that size, I can't imagine having to keep up with the resources of Linux (and to a degree with Apple, Google, and Microsoft) on one side and with all the attackers on the other side. And they want - their reason for being is - higher quality code and security than the rest.
Their 'unusual' approach to security might be a distraction they don't need. But maybe it's the only way to hope to pull it off? Maybe they can't do it the GLAM (Google, Linux, Apple, Microsoft) way with OBSD's resources.
justaj
This looks quite concerning: https://isopenbsdsecu.re/mitigations/packages/
brynet
Outdated FUD, OpenBSD's Mozilla port maintainer regularly updates and backports non-ESR Firefox to the -stable tree.
https://freshbsd.org/openbsd/ports?q=firefox
Tor browser bundle is also being updated consistently.
huang_chung
[flagged]
somat
But openbsd does have a code of conduct. you can find it here.
inopinatus
The author neither complains about it, nor says they are bothered by it. “This website was done because studying mitigations is fun, not to get involved in a huge flamewars or endless bike-shedding on mailing lists”. Misrepresentation is a poor showing. Perhaps we should take everything you write with a grain of salt, hmm?
Fun fact, Hacker News also has guidelines for conduct.
tptacek
Yeah I was worried for a second jcs might have something interesting to say about backward- and forward- edge CFI, but then I remembered he's woke and closed the tab before the mind virus could get me.
bentley
This is “stein”:
https://media.ccc.de/v/36c3-10519-a_systematic_evaluation_of...
Doesn’t look like jcs to me.
huang_chung
[flagged]
eru
> Random-data memory: the ability to specify that a variable should be initialized at load time with random byte values (placed into a new ELF .openbsd.randomdata section) was implemented in OpenBSD 5.3 by Matthew Dempsky.
What's the use case for this?
EDIT: further down is one example:
> RETGUARD is a replacement for the stack-protector which uses a per-function random cookie (located in the read-only ELF .openbsd.randomdata section) to consistency-check the return address on the stack. Implemented for amd64 and arm64 by Todd Mortimer in OpenBSD 6.4, for mips64 in OpenBSD 6.7, and powerpc/powerpc64 in OpenBSD 6.9. amd64 system call stubs also protected in OpenBSD 7.3.
brynet
https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/lib...
Many things, retguard uses this for per-function random cookies, for instance.
The bootloader uses this mechanism to pass data to the kernel.
https://www.openbsd.org/papers/hackfest2014-arc4random/mgp00...
ephaeton
I suppose: Sometimes things work fine with the implicit default value that you end up with. So this will cause problems when you forget to initialize values to expected sane defaults.
ndesaulniers
I would imagine that the use of uninitialized locals could no longer be deterministically used to exploit a program.
commandersaki
Really surprised that pledge / unveil isn't featured more prominently on this page.
aomix
Everything I've read about pledge and unveil really admire the approach and the results but it didn't seem to have a big impact outside of OpenBSD. It took ~20 years for OpenBSD's CSPRNG to be re-implemented everywhere else maybe we're operating on a similar timeline here.
hellcow
While not the same, this is a SECCOMP-based Linux alternative (and it can even be used to restrict pre-compiled binaries).
eyberg
We definitely took inspiration and implemented in the nanos unikernel cause we think it's a great idea:
https://nanovms.com/dev/tutorials/applying-sandbox-security-...
saagarjha
This is generally how modern systems do sandboxing.
ajb
Well, it's in date order. But they could do with a line or so of explanation
wint3rmute
Maybe I'm not getting something here, but I find the pledge/unveil approach confusing.
Why should I expect a program to set allowed syscalls/filesystem paths? Why would I trust that it will set itself the right permissions? What is allowed should be set externally from the program, similarly how I can map filesystem volumes and add capabilities to a Docker container [1].
I'm not familiar with BSD and I only used it a couple times out of curiosity. What am I missing?
[1] https://docs.docker.com/engine/security/#linux-kernel-capabi...
somat
The threat vector is not that you don't trust the program, pledge/unveil is completely unsuitable for that. but that you worry the program will be compromised while it is running.
so the observation is that programs tend to have a startup state where they need access to files and a run state where they don't. so pledge/unveil is a mechanism for a program to inform the os that it no longer needs access to files/syscalls and any future access should be considered a hostile takeover. please kill me.
IcePic
> Why should I expect a program to set allowed syscalls/filesystem paths? Why would I trust that it will set itself the right permissions?
Because the admin or owner will know FAR less about what a complex program needs at all times, and when it will be safe to drop privs. A database might be tested for a week and then it has a special snapshot thing done for the monthly backup and you did not foresee this, whereas the coders would know what perms are needed in order to do these dumps. Hence, you can't set perms just once before starting, and as a user of said software, you can't expect to just make a quick test and then design a fully working harness for it either.
bradley_taunt
Also a great resource:
eqvinox
Have they implemented ISO C11 _Thread_local yet? It's been the number one annoyance¹ with porting software to OpenBSD. It is (was?) the only mainline OS without support for native thread-local storage.
¹ e.g. https://github.com/FRRouting/frr/blob/3f290c97e8325bd9db9363...
bell-cot
For those interested in actually supporting some of this work:
gtirloni
Incredible. I wonder what's the debugging experience for userland developers with all these security features enabled (especially the memory randomization ones).
bentley
My general experience has been that it’s great at turning rare crashes into frequent crashes, which are much easier to fix.
fc417fc802
Can't you launch the debugger as root and attach to the process? Which is to say, I'd expect the experience to be approximately the same.
Alternatively, debug in a VM where the security features are disabled.
> especially the memory randomization ones
I have never once relied on memory addresses being reproducible between program runs. In an era of ASLR that seems like a really bad plan. Plus multithreading breaks that for malloc'd stuff anyway.
avodonosov
Is OpenBSD suitable for daily use on a laptop?
Does anyone have such experience? Is it ok?
LeoPanthera
The developers often use ThinkPads, and so consequently it works quite well on ThinkPads.
Your experience will be a lot more variable on any other laptop.
Worth remembering that OpenBSD has no support for bluetooth, which many users often require on a laptop.
mikem170
Small usb bluetooth dongles work, they show up as a regular audio device. I use one and sndiod can set set to automatically switch back and forth to it.
I run openbsd on my laptop, a thinkpad x260 with an ssd, and it works great.
chicom_malware
Worth mentioning lack of Bluetooth is only because they felt the existing BT stack was not up their standards and ripped it out rather than let it rot like most software.
porridgeraisin
There are a grand total of zero valid reasons for not including bluetooth in a desktop OS.
brynet
It depends on what you need for your daily use, OpenBSD has ports of common desktop environments, KDE Plasma, GNOME. In fact, thanks to KDE and GNOME port maintainers, Rafael Sadowski, and Antoine Jacoutot, respectively, OpenBSD 7.6 -current has the latest versions of both (KDE Plasma Desktop 6.3.1, GNOME 47).
I recently checked out KDE 6 for the first time last year, it really is as easy running as 'pkg_add kde kde-plasma kde-plasma-extras' and then reading through the local pkg-readme file, that said if you're not familiar with OpenBSD it won't be like other systems where it comes preinstalled and preconfigured.
https://brynet.ca/article-l13gen2.html
There's many popular window mangers and applications you can install using the package tools, as you'd expect, including Chromium and Firefox, but you can quickly search here: https://openbsd.app/
kovac
I use OpenBSD. You must check the hardware support. If it works, it works far better than Linux from my experience. Somethings to take note:
1. Power management may not be as good as with Linux
2. No HDMI sound support
3. No bluetooth
4. You need to be comfortable with config files and man pages.
5. Probably fewer applications in the ports tree (I have all I need).
matteotom
It was a few years ago, but I ran OpenBSD for about a year in college (on a Thinkpad). It worked because I rarely needed anything more than Firefox, code editors, and a shell with ssh. Most of my time was spent reading, writing papers, writing emails, and writing code.
LAC-Tech
my big issue when I looked into it was the default filesystem was quite an antiquated design that would lose or corrupt data in a powercut or unexpected shutdown. Last I checked many of the devs have fairly elaborate uninterruptable power supplies to deal with this.
A lot to like about openBSD; doas is my daily driver on linux, openbsd man changes are incredible, but I'm not going to mess about recovering disks just because I forgot to plug my laptop in.
puffybuf
I use it, and even run wayland (sway) on my dell laptop. No bluetooth support. Encrypted disk. Takes a lot of time to setup. Generally similar to linux, but less hardware support.
myaccountonhn
It works quite well. The OOB experience is very complete and hardware gets picked up without issue. However you’re limited in the amount of apps and it’s also incredibly slow, so you’ll need to really use minimal, fast cli apps.
I left it ultimately because it had way worse battery life than Linux on my T480s and I also wanted to play some games with steam.
tasuki
> it’s also incredibly slow
I never used OpenBSD. Why is it incredibly slow?
daneel_w
Disk I/O is notably slower than e.g. Linux or Windows and executional performance is generally a tiny bit slower, but nothing about it is "incredibly slow".
amatecha
well, SMT/hyper-threading is disabled by default[0] , not sure if there are other reasons though. It's not that bad, but yeah OpenBSD is probably not your optimal gaming OS :P
[0] https://www.mail-archive.com/source-changes@openbsd.org/msg9...
eru
You could probably get close to the same experience by running your BSD in a VM when you need it?
OpenBSD foundation raised around ~380 thousand IIRC.
By creating OpenSSH and the fact all fortune 500 companies use it, I would say every year, the foundation should be bringing in around 1 or 2 million. It is time these companies really give back.
And while I am here, hardware vendors should open up their source, looking directly an Nvidia.