Title: Why I stopped using OpenBSD | |
Author: Solène | |
Date: 15 November 2024 | |
Tags: openbsd linux life | |
Description: In this blog post, I share my experience and why I stopped | |
using OpenBSD | |
# Introduction | |
Last month, I decided to leave the OpenBSD team as I have not been | |
using OpenBSD myself for a while. A lot of people asked me why I | |
stopped using OpenBSD, although I have been advocating it for a while. | |
Let me share my thoughts. | |
First, I like OpenBSD, it has values, and it is important that it | |
exists. It just does not fit all needs, it does not fit mine anymore. | |
# Issues | |
Here is a short list of problems that, while bearable when taken | |
individually, summed up to the point where I had to move away from | |
OpenBSD. | |
## Hardware compatibility | |
* no Bluetooth support | |
* limited game pad support (not supported by all programs, not all game | |
pads will work) | |
* battery life / heat / power usage (OpenBSD draws more power than | |
alternatives, by a good margin) | |
## Software compatibility | |
As part of staying relevant on the DevOps market, I need to experiment | |
and learn with a lot of stuff, this includes OCI containers, but also | |
machine learning and some weird technologies. Running virtual machines | |
on OpenBSD is really limited, running programs headless with one core | |
and poor performance is not a good incentive to work at staying sharp. | |
As part of my consultancy work, I occasionally need to run proprietary | |
crap, this is not an issue when running it in a VM, but I can not do | |
that on OpenBSD without a huge headache and very bad performance. | |
## Reliability | |
I have grievances against the OpenBSD file system. Every time OpenBSD | |
crashes, and it happens very often for me when using it as a desktop, it | |
ends with corrupted or lost files. This is just not something I | |
can accept. | |
Of course, it may be some hardware compatibility issue, I never have | |
issues on an old ThinkPad T400, but I got various lock-ups, freezes or | |
kernel panics on the following machines: | |
* ThinkPad X395 | |
* ThinkPad T470 | |
* ThinkPad T480 | |
* Ryzen 5600X + AMD GPU (desktop) | |
Would you like to keep using an operating system that eats your | |
data daily? I don't. Maybe I am doing something weird, I don't know, I | |
have never been able to pinpoint why I got so many crashes although | |
everyone else seems to have a stable experience with OpenBSD. | |
# Moving to Linux | |
I moved from OpenBSD to Qubes OS for almost everything (except playing | |
video games) on which I run Fedora virtual machines (approximately 20 | |
VMs simultaneously on average). This provides me better security than | |
OpenBSD could provide me as I am able to separate every context into | |
different spaces, this is absolutely hardcore for most users, but I | |
just can't go back to a traditional system after this. | |
Earlier blog post: Why one would use Qubes OS? | |
In addition, I have learned the following Linux features and became | |
really happy with them: | |
* namespaces: being able to reduce the scope of a process is incredibly | |
powerful, this is something that has existed in Linux for a very long | |
time, this is also the foundation for running containers, it is way | |
better than chroots. | |
* cgroups: this is the name of the kernel subsystem that is responsible | |
for resource accounting, with it, it is possible to get access to | |
accurate and reliable monitoring. It is possible to know how much | |
network, i/o, CPU or memory have been used by a process. From an | |
operator point of view, it is really valuable to know exactly what is | |
consuming resources when looking at the metrics. Where on OpenBSD you | |
can notice a CPU spike at some timestamp, on Linux you would be able to | |
know which user used the CPU. | |
* systemd: journald, timers and scripting possibilities. I need to | |
write a blog post about this, systemd is clearly disruptive, but it | |
provides many good features. I understand it can make some people | |
angry as they have to learn how to use it. The man pages are good | |
though. | |
* swap compression: this feature allows me to push my hardware to its | |
limit, with lz4 compression algorithm, it is easy to get access to | |
**extremely** fast swap paid with some memory. The compression ratio | |
is usually 3:1 or 4:1 which is pretty good. | |
* modern storage backend: between LVM, btrfs and ZFS, there are super | |
nice things to achieve depending on the hardware, for maximum | |
performance / reliability and scalability. I love transparent | |
compression as I can just store more data on my hardware. (when it's | |
compressible of course). | |
* flatpak: I really like software distribution done with flatpak, | |
packages are all running in their own namespace, they can't access all | |
the file system, you can roll back to a previous version, and do some | |
interesting stuff | |
* auditd: this is a must-have for secure environments, it allows | |
logging all accesses matching some rules (like when this arbitrary | |
file was accessed, when that file is modified, etc...). This does not | |
even exist in OpenBSD (maybe if you can run ktrace on pid 1 you could | |
do something?). This kind of feature is a basic requirement for many | |
qualified secure environments. | |
* SELinux: although many people disable it immediately after the first | |
time it gets in their way (without digging further), this is a very | |
powerful security mechanism that mitigates entire classes of | |
vulnerabilities. | |
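
To illustrate the auditd point above, here is an added example (not from the original post) that answers "who accessed this file, and when" from audit records. The watch rule in the comment, the key name `shadow-access` and the log lines are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample records in the audit.log layout, as a watch rule such as
#   auditctl -w /etc/shadow -p rwa -k shadow-access
# would produce them. All values are made up for the example.
SAMPLE_LOG = '''\
type=SYSCALL msg=audit(1731670000.123:4521): arch=c000003e syscall=257 success=yes exit=3 pid=2211 auid=1000 uid=0 comm="cat" exe="/usr/bin/cat" key="shadow-access"
type=PATH msg=audit(1731670000.123:4521): item=0 name="/etc/shadow" inode=131 nametype=NORMAL
type=SYSCALL msg=audit(1731670042.007:4530): arch=c000003e syscall=257 success=no exit=-13 pid=2290 auid=1001 uid=1001 comm="vim" exe="/usr/bin/vim" key="shadow-access"
type=PATH msg=audit(1731670042.007:4530): item=0 name="/etc/shadow" inode=131 nametype=NORMAL
type=SYSCALL msg=audit(1731670050.500:4533): arch=c000003e syscall=59 success=yes exit=0 pid=2300 auid=1001 uid=1001 comm="ls" exe="/usr/bin/ls" key=(null)
'''

HEADER = re.compile(r'^type=(\S+) msg=audit\((\d+)\.\d+:(\d+)\): (.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_events(log_text):
    """Group records by event serial number; one event spans several records."""
    events = defaultdict(lambda: {"paths": []})
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue  # skip truncated or foreign lines
        rtype, epoch, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        ev = events[int(serial)]
        ev["time"] = int(epoch)
        if rtype == "SYSCALL":
            ev.update(fields)  # who, which program, success or failure
        elif rtype == "PATH":
            ev["paths"].append(fields.get("name"))  # which file was touched
    return events

def accesses_for_key(log_text, key):
    """Return (serial, auid, exe, success, paths) for events tagged with key."""
    return [(serial, ev.get("auid"), ev.get("exe"), ev.get("success"), ev["paths"])
            for serial, ev in sorted(parse_events(log_text).items())
            if ev.get("key") == key]

if __name__ == "__main__":
    for row in accesses_for_key(SAMPLE_LOG, "shadow-access"):
        print(row)
```

`auid` is the login UID, so the first event is still attributed to user 1000 even though the read ran as uid 0. The second event shows that denied attempts (`success=no`) are recorded too.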
When using a desktop for gaming, I found Fedora Silverblue to be a very | |
solid system with reliable upgrades, good quality and a lot of software | |
choice. | |
# Conclusion | |
I got too many issues with OpenBSD, I wanted to come back to it twice | |
this year, but I just have lost 2 days of my life due to all the | |
crashes eating data. And when it was working fine, I was really | |
frustrated by the performance and not being able to achieve the work I | |
needed to do. | |
But as I said, I am glad there are happy OpenBSD users who enjoy | |
it and have a reliable system with it. From the various talks I had | |
with users, the most common (by far) positive fact that makes OpenBSD | |
good is that users can understand what is going on. This is certainly | |
a quality that can only be found in OpenBSD (maybe NetBSD too?). | |
I will continue to advocate OpenBSD for situations I think it is | |
relevant, and I will continue to verify OpenBSD compatibility when | |
contributing to open source software (the most recent being Peergos). This | |
is something that matters a lot to me, in case I go back to OpenBSD | |
:-) |