OpenBSD 7.3 Released

metrix007 writes: OpenBSD, the OS that earned an exaggerated reputation for security simply by disabling services by default, has released version 7.3. Plenty of new improvements and bug fixes including to the editor, although still no real security features to help lock down a system, no virtual machine support for non-OpenBSD guests and no modern file system.

Bitter much?

[menkhaura]

Just use Linux. Or Windows. No need for such bitterness.

Re:

[urbanriot]

... who is bitter? You were literally the first poster.

Re:

[darkpixel2k]

... who is bitter? You were literally the first poster.

You didn't even read the summary?

Re:

[jmccue]

On slashdot, joking right ? I think we are lucky if people even reads the Title.

Like the articles, these days no one reads the summary.

Re:

[darkpixel2k]

On slashdot, joking right ? I think we are lucky if people even reads the Title.

Like the articles, these days no one reads the summary.

You must be new here. Your first response should have been a wild misunderstanding of what I said complete with straw-man argument proving I was wrong... ;)

Re: Bitter much?

[NetContempt]

Awful way of presenting any sort of technology related news.

Re:

[Shannon (77854)]

metrix007's hatred of OpenBSD and Linux is well known; his opinion of Linus and Theo:

"He used to be enthusiastic and passionate, and it's nice to see that side of him, before he decided he wanted to compete with and outdo Theo de Raadt for being the cuntiest and most needlessly antagonistic OSS project leader."

msmash should be ashamed for feeding the troll.

Re:Bitter much?

[e065c8515d206cb0e190]

I came here just to say that. The jab in TFS felt totally unnecessary.

Re:

[Oryan Quest]

Waaayyyyyyy back in the day Slashdot was instrumental in establishing OpenBSD’s exaggerated reputation for security. One that a lot of people still get caught up in even though no serious OS has shipped with a half dozen pointless services running in well over a decade.

To be fair to obsd it also had pf which is also no longer a big deal.

But it’s nice to see people finally admitting obsd isn’t special in 2023.

Re:

[Noryungi]

I am sure you a great security expert, just like 99% of people on /.

Re:

[Oryan Quest]

At the time obsd was doing things much better than other unixes I might as well have been neo just for understanding ARP and buffer overflows. Your account is old enough that you know this is true.

Re:

[Noryungi]

I play a dangerous hacker on TV, but that's about it.

Re:

[tigersha]

Can you decode 256 bit AES encrypted data in realtime while the hexdump is scrolling by on the screen like Travolta did in one of his movies?

If so I have an old file for you. I forgot the password.

Re:

[e065c8515d206cb0e190]

So the editor felt like they had to make up for past excessive praise of OpenBSD?

Re:

[Oryan Quest]

Hahah honestly probably not. I probably wouldn’t normally like a submission like that but it’s nice to see someone speaking the truth. I used obsd a long time ago and reinstalled it maybe 10 years ago and was very unimpressed. Like it was no different than when I ran it in the late 90s. It’s supposedly got better in since 2010 and I hope it continues to get better.

Re: Bitter much?

[1s44c]

Pf is very nice. It's so much nicer to use than iptables.

I think you forgot openssh though. The Linux works utterly depends on openssh.

Re:

[tigersha]

Yup. That is the reason I ran it on a SBC firewall years ago. For a single use smallish appliance OpenBSD is not bad.

Re:

[blahabl]

Sure. We too now don't enable useless services, we too now have pf. I wonder what's the current thing that we'll be saying in 5 years that "we have it too now", that OBSD users have now.

Re:

[Oryan Quest]

I wonder what's the current thing that we'll be saying in 5 years that "we have it too now", that OBSD users have now.

We got all that stuff a long time ago bro. Probably the next advancement we’ll steal from obsd is having no drivers for anything.

Re:

[arglebargle_xiv]

no serious OS has shipped with a half dozen pointless services running in well over a decade.

No, with Windows and many Linux distros it's more like two or three dozen pointless services.

Seriously

[Oryan Quest]

This is why I used the serious qualifier. :)

Re:

[UnknowingFool]

So your argument boils down to the logical fallacy of No True Scotsman then.

Re:

[Oryan Quest]

And it will be Ad Hominem when I point out you’re implying Windows95 is a real OS and we can safely wave you away.

But in our hearts we know.

Re:

[UnknowingFool]

So now you are straw manning what I have said as I have not mentioned Windows 95 at all. You seem to be posting one logical fallacy after another.

Re:Bitter much?

[ArchieBunker]

Sounds like Theo was fucking OP’s wife or something. Perhaps Theo called him a bad name on a mailing list?

Re: Bitter much?

[1s44c]

They called him a bad name? That narrows it down to anyone that ever posted anything on there openbsd mailing list.

I like openbsd as software and the things that came out of the project, but Theo has a reputation for being abrasive in the extreme.

Re:

[Tom]

There must be more to it than that (the 2nd part), because if everyone whom Theo ever called a bad name came posting bitterness-infused /. stories, we would read nothing else for a couple months.

Re:

[paulfm]

Or FreeBSD - which is a bit more lax on security (but still is considered better than even Linux - when run correctly). I think things are missing (like filesystems,and VM support) both for security and for hardware compatibility reasons. openBSD is also know to run on more hardware than most other OSes (which makes it useful for some specialized tasks - and makes it a good utility OS). And it can be installed with a very small footprint. It would be nice if they added ZFS to the supported filesystems (eve

Re:Bitter much?

[jhuebel]

Yeah, somebody really needs a Snickers bar. Maybe had low blood sugar when he submitted this.

Re:Bitter much?

[roman_mir]

Exactly, this is the strangest 'story' ever. If they hate OpenBSD that much, why even post it? I love OpenBSD, I have a bunch of servers on it. I love the fact that there is no concept of 'locking down the system' there because it is the system that is locked by default, it is a vault in itself. The FS works, I have services running on it that I *need* and that I *approve* of.

Re:

[metrix007]

I don't think I really expected the story to get accepted? I know it was snarky, I posted it before going to bed...didn't really think it would go through, figured someone else would also submit it and that that story would go through.

As for the system being locked by default - not really. Quoting from another comment, but OpenBSD bets everything on eliminating all bugs, and provides very little to help lock down the system if there are bugs.

Re:

[tigersha]

Ah, we get to meet the poster. Who proceeds to inform us that he sunk to the level of the person he was attacking because he did not think it would be posted and.. it was late? Huh?

If you think you can get away with simple using “right before I go to bed, and I did not think you were listening anyways!” as an excuse to throw insults at your wife/GF you are going to die a lonely man. Maybe you should just not talk not talk to people like that?

Re:

[metrix007]

Not sure why you're taking it so personally and trying to equate a snarky summary with domestic violence.

That's pretty weird.

Re:

[tender-matser]

Well, there's no such thing as bad publicity, only publicity.

Theo (and his attrocious bunch of mini-me's) owe you a beer for bringing attention to their system (which has become rather boring and technically uninteresting, with their obsession on theoretical & dogmatic rather than real-life attacks, and their silly voodoo remedies)

OpenBSD ... provides very little to help lock down the system if there are bugs.

Why lock it down when you can just pull the plug?

Re:Bitter much?

[stanbrown]

Yep, and for those of us that actually understand technology we will continue to rely on the rock solid security provided by the hard working OpenBSD team.

Articles like this make me almost understand Theo attitude.

Re: Bitter much?

[1s44c]

By your measure of security. The claim of only 2 bugs in the default install is real.

SELinux is an ugly train wreck. It's that what you are saying openbsd is missing?

Re:

[metrix007]

No, by any objective measure of security.

Auditing to eliminate bugs is great, but you also need things in place in the event a bug gets exploited that you didn't find and fix yet.

SELinux wouldn't jive well with OpenBSD at all, but a much more simplified version, maybe something closer to AppArmor might be a good fit. At the moment they have pledge and unveil which isn't particularly useful for software that doesn't take advantage of it. Maybe something like Landlock adapted for OpenBSD would also be a good

Re:

[metrix007]

You realize Slashdot doesn't support unicode right? Your comments are a mess.

That aside, unveil is not at all the same thing, since it requires software to opt in. That's a fundamentally different approach quite useless for trying to protect against software that doesn't bother to make use of unveil, like pretty much everything on github and any commercial software.

I can feel it

[GeekWithAKnife]

With this new release we're fast approaching critical momentum for Linux. 2024 will be the year of the Linux desktop. Soon it will be shoulder to shoulder with Windows XP installations.

Re:

[93 Escort Wagon]

With this new release we're fast approaching critical momentum for Linux.
2024 will be the year of the Linux desktop. Soon it will be shoulder to shoulder with Windows XP installations.

I see the humor, but unfortunately also feel compelled to point out that BSD is not Linux.

Both are Unixes though (as is macOS).

Re: I can feel it

[GeekWithAKnife]

Fair. I shall update my post to coincide with the 1.1 version which will release in time for the "OS of the year" edition.

Re:

[tigersha]

Shame really because I really liked Windows Phone

wut

[TheWorstTakes]

I'm not going to say OpenBSD's claims to security aren't exaggerated, but this is just petty. This feels like OP is still upset that Theo de Raadt won't pointlessly incorporate Rust into the base tree for reasons.

Re:wut

[DarkOx]

That language in the summary is pretty darn weasly.

  It would be 'interesting' to see a real apples to apples BSD vs Linux comparison. Like take CVS that apply to an contemporary GNU/Linux environment with an LTS kernel, make sure the kernel is compiled with stuff for which thier is no option to build without, there is a direct parity with BSD, or a nearly 1:1 feature analog with BSD. Similar for user land, comporable feature sets in terms of build options and include components for the gnu user land vs bsd packages.

Really see which system comes out better.

Obsd does not represent bsd

[Oryan Quest]

obsd is way behind in features. Last I played with it was during the lulzsec saga and it’s improved since then but it would have taken a superhuman effort to close the gap between obsd and the other BSDs or Linux.

It’s the least feature rich of any mainstreamish BSD.

Re:

[UnknowingFool]

Yes because openbsd has always claimed to have most features—oh wait they do not. That is like complaining my Honda Accord can not haul a ton of cargo.

Re:

[Oryan Quest]

Well the above poster is talking about comparing BSD with Linux in a thread about obsd so it’s worth informing him that obsd is probably not a good candidate for making that comparison for the reasons you’ve just stated.

Re:

[UnknowingFool]

No he is complaining about something that is technically true about OpenBSD but not something that OpenBSD has ever claimed to be a characteristic of their fork. Again, my Honda Accord cannot haul a ton of cargo; while that is true it is also a pointless criticism as a person buying an Accord should know that is not a design goal for the Accord. Or in another example, why is it our IT network person cannot balance our accounts receivable every month?

Re:wut

[Noryungi]

Let me put it this way: if you take a look at some mailing lists like OSS, where people discuss things they actually know, you will note OpenBSD is one of the OS they go back to constantly.

And the refrain is: "Oh yeah, OpenBSD disabled this, or corrected this, or implemented this 3 years ago".

Maybe you don't like OpenBSD programmers or BDFL for their abrasive personalities, but they are way ahead of Linux in many ways.

Re:

[TheRealMindChild]

Like what?

Re:

[metrix007]

"Oh yeah, OpenBSD disabled this, or corrected this, or implemented this 3 years ago".

That hasn't been true for a very long time.

Re:

[metrix007]

It's not a competition. A criticism can stand on its own and remain true, regardless of if there are 'worse' alternatives out there or not.

Re:wut

[93 Escort Wagon]

"the OS that earned an exaggerated reputation for security simply by disabling services by default"

And yet it took Windows many years to figure this out...

Windows wasn’t even a discussion.

[Oryan Quest]

No. Windows is still fucked. If it suits Microsoft’s 5 year plan to keep everyone running a service that like 1% of users have any need for they’ll do it. At the time that obsd earned it’s rep windows security was like a door tied shut with a bit of twine. Like I’m not going to break in because it would take effort and I don’t care about your stash of Pam Anderson nudes enough to try.

The thing was most unixes and serious devices of the era would happily ship with chargen, e

Re:

[chill]

Rust? That sounded like the OP is still butthurt about OpenBSD not adopting Systemd, or even that Emacs is still port and not a package!

Been A While Since I Played With A *BSD

[zenlessyank]

Guess it's time to fire up a VM and see what it has to offer.

"Simply by disabling services"

[Beryllium Sphere(tm)]

They did way more work than that.

https://en.wikipedia.org/wiki/... [wikipedia.org]

If you want to make a case for an "exaggerated reputation", a better line of attack is how much the rest of the world has caught up on stack protection, API control, and so on over the decades.

Re:

[drinkypoo]

You don't even get an ssh server by default, but you do get a firewall. How many fewer services do you want?

Re:

[Noryungi]

Yeah, sure, and you are a security expert.

Re:

[bill_mcgonigle]

> Yeah, sure, and you are a security expert.

NSA has a 60-page PDF on turning off unneeded Windows services.

It's not actually to make it easier for them to hack you.

Re:

[iAmWaySmarterThanYou]

Why does it say on page 2 to turn on the "NSA Backdoor" Services?

A bit unusual, no? Maybe it's a fireball thing.

Re:

[Noryungi]

And you think the NSA is interested in helping YOU secure YOUR Windows installation?

Oh, you swet summer child...

internet

[awwshit]

Did the internet turn everyone into an anti-social crank?

Re:

[DarkOx]

Yes it really has.

Re:

[KlomDark]

Stop talking to me! ;)

Re:internet

[Seven Spirals]

Not everyone, but it's feeling more and more like that every day. Folks running /. have nearly always been petty lil' bitches about BSD. At first, it was a rivalry around features and their security. Nowadays, like most things, it's become a political statement. I've been running all three BSD's in various capacity for years. I'm not the biggest fan of OpenBSD, but I respect their goals and the (helluva lot more than disabling services) and the security improvements, driver updates, and general high quality code that comes from the project. I'm a big fan of NetBSD and we've benefited a lot since the divorce; no complaints. In some ways I'm glad that there is a big schism now between the Systemd + Code of Conduct Linux crowd and the *BSD folks. It serves as a good way to distinguish between the different mentalities you find in both camps. In general terms: Linux for the corporate masses and authoritarians and BSD for the freedom loving wizards in caves. To Metrix007 and the /. douches who accepted the TFA with that copy description: eat shit: you're just mad at what Linux has become.

Re:

[metrix007]

I don't really use Linux much aside from Void or Alpine, and otherwise I use NetBSD (which actually has some practical security features that OpenBSD would do well to incorporate).

spicy commentary

[peterww]

"the OS that earned an exaggerated reputation for security simply by disabling services by default"

Dayyyyyyum son!

I'm sure Poettering has a plan to replace it...

[93 Escort Wagon]

But, right now, the Unix world relies on openssh - an integral part of that "exaggeratedly secure" OS.

Re:I'm sure Poettering has a plan to replace it...

[Noryungi]

This. 1000 times this. Use OpenSSH? You are using something that is part of a great OS, named OpenBSD.

Re:

[metrix007]

OpenSSH is absolutely fantastic, and the best thing to come out of the OpenBSD project for sure.

Nothing except everything in the "Security" list

[im_thatoneguy]

But what else have the romans ever done for us?

Security improvements:

• *Permissions (RWX, MAP_STACK, etc.) on address space regions can be made immutable, so that mmap(2), mprotect(2) or munmap(2) fail with EPERM. Most of the program static address space is now automatically immutable (main program, ld.so, main stack, load-time shared libraries, and dlopen()'d libraries mapped without RTLD_NODELETE). Programmers can request non-immutable static data using the "openbsd.mutable" section, or manually bring immutability to (page aligned heap objects) using mimmutable(2). The main internal data of malloc(3) is marked immutable.
• *Some architectures now have non-readable code ("xonly"), both from the perspective of userland reading its own memory, or the kernel trying to read memory in a system call. Many sloppy practices in userland code had to be repaired to allow this. The linker (ld.lld(1) or ld.bfd(1)) option --execute-only is enabled by default. In order of development: arm64, riscv64, hppa, amd64, powerpc64, powerpc (G5 only), octeon, and sparc64 (sun4u only; unfinished).
  These can still benefit from switching to --execute-only binaries if the cpu generates different traps for instruction-fetch versus data-fetch. The VM system will not allow memory to be read before it was executed which is valuable together with library relinking. Architectures switched over include loongson.
  ld.so(1) and crt0 register the location of the execve(2) stub with the kernel using pinsyscall(2), after which the kernel only accepts an execve call from that specific location.
• *Added execve(2) violations of pinsyscall(2) policy to the daily mail, available by setting rc.conf.local(5) accounting=YES.
• *Added retguard (consistency-check the return address on the stack) to amd64 syscalls.
  sshd random relinking at boot: Randomly relink and install sshd(8), resulting in a sshd binary with unknown address layout after every reboot.
• *Add another mitigation against classic BROP on systems without execute-only mmu hardware-enforcement.
• *A range-checking wrapper in front of copyin(9) and copyinstr(9) ensures the userland source address doesn't overlap the main program text and other text segments, thereby making these address ranges unreadable to the kernel. No programs have been discovered which require reading their own text segments with a system call.
• *On arm64, introduce mitigation of the Spectre-BHB (Branch History Injection) CPU vulnerability by using core-specific trampoline vectors.
• *Enabled the arm64 Data Independent Timing (DIT) feature in both the kernel and userland on CPUs that support it to mitigate timing side-channel attacks.

Just upgraded

[jmccue]

I just upgraded to 7.3 from 7.2. I thought the upgrade could not get easier then the last time. This time the upgrade was just typing 1 command, reboot then 2 commands. No questions.

Based upon that, I would not be surprised if the commands are typed automatically for me :)

For the summary, it comes across bitter. Just go here:

https://undeadly.org/cgi?action=front

to learn what the OpenBSD team is doing for us. OpenBSD even provides high quality utilities for Linux. But the Linux people do all the can to lock the BSDs out of various programs (ie: wayland and more). Instead they live like no other system matters.

For example, without OpenBSD Linux would not have a good sshd. But the BSD people needs to copy graphic routines from Linux and re-write because they are filled with linuxisms. And many times that is impossible.

Re:

[drinkypoo]

the Linux people do all the can to lock the BSDs out of various programs (ie: wayland and more). Instead they live like no other system matters.

No problem, I'm using Linux and yet I'm still not using Wayland. Why? Because KDE still doesn't work reliably with it. (It allegedly works best with recent nvidia, which I do have, but I'm not in a rush to beta test anything but games and drupal modules.)

Re:

[serviscope_minor]

Wayland is a system so superior to X that it's now taken over a decade for it to stagger into an unreliable and feature poor replacement despite heavy pushing by the largest Linux company and virtual abandonment of X.

Turns out all the "not our problem" crap like screen recording etc is actually a problem if it doesn't work.

Re:

[Noryungi]

Same here - 1st OpenBSD machine updated from 7.2 to 7.3, without a hitch and without any issue. Beautiful OS, through and through, way more reliable than any Linux out there.

Really?

[galvanash]

How does this axe grinding bullshit get through moderation???

Re:

[Jerrry]

How does this axe grinding bullshit get through moderation???

Are you serious? What moderation? This is Slashdot, after all.

What a silly summary

[1s44c]

How did this post get approved with such a childish summary?

Re:

[tigersha]

The children in charge approving the other children.

Anyone using OpenBSD in production?

[HnT]

I am very used to Debian and GNU/Linux, I must admit I have been wondering who and how are you using OpenBSD in production?

How do you patch and update the system without apt update?

And why OpenBSD instead of Linux or Free/DragonflyBSD?

Please do not understand my question wrong, I love what the OpenBSD team has contributed over decades. I genuinely do not know and I am too used to Debian. That is why I ask.

Re:

[Night Goat]

I use OpenBSD as my mail server. Patches and updating are done by running "syspatch" which applies patches, much like "apt update" does on Debian. Note that it only updates the parts of OpenBSD that are considered part of "base," not packages from ports. If there were a major update to my mail software that I just had to install ASAP as opposed to waiting for the semi-yearly OS release, I could build from source I suppose. It's never come up as an issue for me.

I use OpenBSD because I like how all of its com

Re:

[ArchieBunker]

Not exactly production but I have used OpenBSD since the 2.3 days for my personal firewall/server/shell box. Back in the old days you had to patch things manually but now you just run syspatch and new patches are downloaded and installed. Same with upgrades, I will run sysupgrade and it will download the new packages, reboot, and install them. Couldn't be easier. I like OpenBSD because it has a small footprint and I add software as necessary. Unlike Linux they don't fiddle with how things are set in /etc ev

Re:

[Dadoo]

Linux keeps doing dumb shit like making nslookup and traceroute "legacy" applications now. Ifconfig has gone away and been replaced with "ip" which does exactly the same thing but with a slightly different syntax.

Agreed. And I wouldn't even care, if the BSDs were doing the same thing, but they aren't. It's like Linux programmers are going out of their way to be incompatible.

Re:

[Noryungi]

In production, pretty much anything that has to run reliably and without a hitch for years.

Firewalls, routers, DNS server, Email server, all of these running CARP to cluster these functions and prevent service interruption. SSH boxes as well

On OpenBSD, you don't have 'apt', you have 'pkg_add' for applications (pkg_add -i vim to install vim, for instance) 'syspatch' to apply security patches and 'sysupgrade' to upgrade from one version to the next. I have just used sysupgrade to upgrade machines from 7.2 to

Re:

[metrix007]

Everything that you do with OpenBSD, you can do with Linux, including having a hardened security installation - it just comes 'out of the box' with all the security bells and whistles

This is patently untrue. Linux has a lot more bugs and sloppy design decisions, but has far more security features.

OpenBSD puts a lot of effort into writing clean codes and eliminating bugs, but is sorely lacking in security features.

Re:

[Dadoo]

Add me to the list of people who was using it for a router at my company. Unfortunately, I discovered OpenBSD uses up a lot of CPU for networking. I changed it to FreeBSD and the CPU usage decreased by quite a bit.

But op...

[dasunt]

But op, tell us what you really think of OpenBSD.

OP and OpenBSD

[jddimarco]

Interesting that the OP dislikes OpenBSD so much that they use its latest release as an excuse to dump on it. Really? To me the post casts more of a negative light on the OP than it does on OpenBSD. Personally, I like OpenBSD enough to host one of its mirrors in my department. It's small, simple, straightforward, sensible about security and written by grownups. I run it on laptops, servers and SBCs. No, I don't try to use it for everything, it's not a full replacement for Linux or Windows or MacOS. That's fine: it's good work, and well worth a look.

philosophically speaking

[OrangeTide]

having things turned off by default is useful

Need a moderation option for OP

[ratbag]

So much bitterness. Get out the other side of the bed tomorrow.

WTF are you smoking?

[the_B0fh]

"still no real security features to help lock down a system"

WTF is wrong with this idiot? The *ENTIRE* OS is fucking locked down, and he wants some idiot scripts to do more "lock down"? Are you that fucking stupid?

Re:

[metrix007]

The entire OS is barely locked down, stop being such a zealot.

When OpenBSD had that remote root hole in the default install, if someone got root, there had absolute free reign.

OpenBSD has nothing to really protect against that, at least nothing close to what Linux offers.

Securelevels, pledge, unveil, chroot, none of that is sufficient.

gnarsh

[Tom]

although still no real security features to help lock down a system, no virtual machine support for non-OpenBSD guests and no modern file system.

All of which can be summed up as:

a) OpenBSD is already so far ahead in security, it's actually difficult to improve it further
b) there's a (security) reason to not do that. You'll figure it out eventually, roughly a few days after your (non-OpenBSD) system gets owned.

I'm a huge fan of OpenBSD not despite but because I've been a vocal supporter of a competing thingy - SELinux - from back when it was young, it wasn't yet built into distributions and the default configuration wasn't yet "we have this theoretic

Re:

[metrix007]

I've had discussions with you in the past, and despite you having a career in infosec (as do I), you made it clearly you have a pretty poor understanding of unix type OS security concepts, and this post is no exception.

OpenBSD is great for writing clean code and trying to prevent bugs, but it offers almost nothing in the event that there is a bug. chroots and securelevels and such are inadequate, while pledge and unveil require the developer to opt-in.

Honestly, If I wanted a BSD that I could feel more confi

R&D

[krisbrowne42]

No matter your feelings about the BSDs, especially OpenBSD, they are often at the forefront of new features that eventually make it to Linux... Linux still treats ext4 and xfs as the new hotness, when FreeBSD has the best ZFS implementation around... And without OpenBSD we wouldn't have LibreSSL or OpenSSH.

Re:Weird post

[ByTor-2112]

I find configuring any Linux system to be ridiculously over-complicated compared to my beloved FreeBSD. You don't just put stuff in fstab and have it mount, your interfaces are configured in ten different places with a million weird options, you use GUIDs everywhere because for some reason things don't have stable names, and all the configuration files that systemd places everywhere that requires obscure knowledge to figure out. It takes me ten times as long to fix any problem on a Linux system than on my FreeBSD systems. You guys are just xkcd/927 it out year after year after year, it's quite hilarious if you think about it. All that wasted time and energy.

The decision to mix non-base packages with /usr instead of isolating them to /usr/local is at once immensely frustrating and also mindblowingly stupid. In FreeBSD, I can mount / and /usr readonly and still install/packages as long as /var and /usr/local are rw. If I want to build ports or system, just add /usr/ports (or use poudriere), /usr/src and /usr/obj -- all mount points that will never pollute my base system. I just don't get how any self-respecting OCD can stand Linux. It's like reading bad code.

I could go on and on, but over 20 years ago I switched from Linux to FreeBSD and instantly knew that someone or group of someones had really thought out all the details in exactly the obsessive-compulsive way they should have. It's beautiful, absolutely beautiful. On the other hand, a Linux distribution is what you get if a bunch of software is haphazardly glued together over and over. You probably think this is hyperbole, but it's that different. Sure you can just ignore this and use your ready-to-go distro, but under the hood it's still there.

Re:

[iAmWaySmarterThanYou]

And we know that stuff simply never breaks and is easier to setup and manage. And when it dies break....

Re:

[iAmWaySmarterThanYou]

You said windows > Linux.

Re:

[Noryungi]

They [OpenBSD] have a track record. A lot of people who work in computer security look up to them.

Unlike you, random /. user named "polotheclown".