johnklos 13 hours ago

This points out something we forget at times: being a fan of a thing shouldn't mean we have to suffer for it.

NetBSD doesn't have GPU compute capabilities, plus browser DRM is a PITA, so I run macOS, too. If I have to choose between not doing a thing at all and doing it in a less enjoyable environment, it's only my own foot that suffers were I to choose not doing it at all.

What really matters here is that systems shouldn't crash or panic at all, ever, or if they do, the filesystems used shouldn't lose data or otherwise become corrupt. We left the lack of memory protection in the '80s (some of us the '90s), so there's no excuse if the hardware isn't faulty.

So I have to wonder why the OpenBSD folks, who prioritize security over speed, for example, wouldn't prioritize stability over everything except possibly security (I'd rather a panic than a compromise) and spend some energy looking in to these issues and fix them?

Why wouldn't any filesystem corruption (which could have security implications if the corruption can be controlled) and/or data loss be considered a sign of other deep issues and be made a high priority at OpenBSD?

Perhaps Solène's writeup will be a good wake-up call for the OpenBSD people.

  • cenamus 12 hours ago

    I suspect a lot just comes down to manpower... While extremely important the FS currently works "good" enough (although there were/are efforts to port HAMMER2).

    But I share the frustrations, all these little papercuts really add up and I only use OpenBSD in server settings nowadays

    • danieldk 12 hours ago

      Good enough? As far as I could gather, they never implemented FFS/UFS journaling and removed support for soft updates. If that’s incorrect, I apologize for this comment.

      So, they basically have a filesystem that operates like it did in the ninetees, unclean shutdown and you have to go through a full fsck and hope for the best. Most people who used some Unix before journaling would never want to go back.

      • sillywalk 9 hours ago

        > removed support for soft updates

        Yes, back in July 2023[0][1]:

        "Make softdep mounts a no-op

        Softdep is a significant impediment to progressing in the vfs layer so we plan to get it out of the way. It is too clever for us to continue maintaining as it is."

        From OpenBSD developer Marc Espie, :

        "The big issue with softdep is that it has tendrils everywhere, and since we didn't convince Kirk* to move over to OpenBSD, it tends to be a big hindrance in fixing everything else instead of helping.

        The buffercache, the pagedaemon, the swapper, unlocking subsystems.

        Hopefully, all these have a chance of being done by a human with softdep gone."

        * Kirk being Marshall Kirk McKusick (FreeBSD) developer and creator of Soft Updates

        A quick check of openbsd-cvs shows they're still removing softdep/soft updates stuff a year later. [2]

        [0] https://undeadly.org/cgi?action=article;sid=20230706044554

        [1] https://marc.info/?l=openbsd-cvs&m=168856997929968

        [2] https://marc.info/?l=openbsd-cvs&m=172060271505315

    • wannacboatmovie 11 hours ago

      I've had OBSD VMs trash themselves to the point they needed a reinstall, all from an improper shutdown.

      Is it entitled to say that is not "good enough"?

      What's worse, the OBSD team is not very supportive of VMs to being with, so that would catch the blame.

      Security aside, the Dream of the 90s Is Alive with OpenBSD.

jmclnx 13 hours ago

Sorry to see Solène Rapenne move on, I wish her success going forward. She has been a great asset to the OpenBSD team. But glad she will still try and help them out a bit.

But in a way she has a point :( Just a few weeks ago I had a panic with 7.6 and half my files in /home disappeared. In the past I never lost data on an fsck, plus I never had a panic in many years. But glad I clone /home to another device daily :)

But I still will use OpenBSD for testing items I develop on Linux. It is a great help finding issues where Linux will ignore some bugs I insert.

  • andrewflnr 12 hours ago

    That's insane. Note to self, never use openbsd where I can't reconstruct the system from scratch.

    • prmoustache 11 hours ago

      Never use any OS where you can't reconstruct system from scratch.

    • jmclnx 11 hours ago

      Well crap happens :)

      There are many issues that can cause problems, I have seen worse things happen at work over the decades. In this case, I fully believe it is a one-off occurrence.

      On my other Laptop, and old T420 with only OpenBSD, I never had a panic or lost files. Even after moving to 7.6.

      But was saying, I can see her point when your professional livelihood depends upon what system you use.

eyberg 12 hours ago

> flatpak: I really like software distribution done with flatpak, packages are all running in their own namespace, they can't access all the file system, you can roll back to a previous version, and do some interesting stuff

As of today flatpak still has holes you can drive a truck through.

  • burnt-resistor 12 hours ago

    I still don't understand the slapdash approach the desktop Linux crowd took, Qubes is a much better approach. Such unprofessional software engineering pervades FLOSS with the worn and tired "but it's a hobby project" when it's a core dependency necessary for international corporate, government, and military strategic systems. (I also don't understand the lack of appropriate support for critical projects either, but it makes sense because of decline, entitlement, corruption, and greed.)

    I had to shout and scream at docker early on for container image integrity, but that fell on deaf ears. Heck, Python even threw away GPG to roll their own sketchy setup and Ruby doesn't even care about package integrity or supply chain attacks.

  • Melonai 11 hours ago

    Could you link some related Flatpak issues where this happens? I've been under the impression that security under bwrap could be relatively acceptable and mostly the same as running containers (aside from all the portals).

    I haven't been using Flatpak, but was recently thinking about it.

  • 1oooqooq 12 hours ago

    flatpack for isolation is a joke. All the file duplication, none of the security. Not to mention nothing that depends on camera, screen cap, etc will ever get close to working.

    Just accepting there's no easy solution, and do aparmour+firejail. It's awful user experience, but at least only once per application. Then it is perfect. There should be a distro like qubes but where everything must have either a firejail profile or a hardened systemd unit file (which is the worse designed/documented thing in the universe, taking the place of X11). That would be the ideal world.

    • znpy 12 hours ago

      To be hones I appreciate flatpak for software distribution. Afaik (correct me if I’m wrong) some degree of security is implemented through selinux (i’m on fedora).

      • 1oooqooq 11 hours ago

        > implemented through selinux

        Yes, you are technically right, but you are wrong only in the sense that most packs either do not ship with a selinux policy or ship with some just-added-whatever policy.

        > I appreciate flatpak for software distribution

        Flatpack is for distributors. Not end users or for the benefit of the end system running them. There are already too much written about this. The lax state of selinux policies is also a result of this focus.

        PS: you will see my top comment get downvoted by the distributors who enjoy to offload the burden to end users, without offering any counter argument.

jwrallie 8 hours ago

The name is familiar, I learned a couple of things from Solène in the Qubes OS forums. Many thanks in case you see this.

I think OpenBSD has a big advantage (to me at least) that it’s the OS I really want to use, but I could never find a place for it for the reasons described. It just doesn’t fit my use cases except on the philosophy department!

In fact I had to leave Qubes OS for different reasons: strange behavior with USB devices, perceptible latency, would not sleep properly when running on battery, Windows VM would freeze on wake up from sleep. Small things but very annoying.

Maybe I just got bad luck with hardware (Thinkpad X260), or I just don’t have the time to troubleshoot it anymore.

Anyway, I’m having a great honeymoon period with OpenSuse now. I’ve chosen it mainly for great filesystem snapshot support. It seems this time everything missing on the repositories are covered on flatpak, and things that usually give me trouble (for example IME support) simply worked. I loved the Xfce theme. I’ll probably be staying for a while.

jms703 13 hours ago

Makes sense. I've always assumed that OpenBSD has a very narrow use case anyway. I love it for a network firewall because the configuration files are sane and easy to understand (stares at systemd networkd). I set it and forget it.

  • 1oooqooq 12 hours ago

    it is easier to setup a openbsd vm and have it handle all the network routing and wireguard stuff, than it is to simply disable the unrequested zeroconf stuff included in systemd-networkd/resolvd.

    • binkHN 12 hours ago

      A while I'm a fan of OpenBSD where it makes sense, there's also more than one Linux distribution that does not have systemd and the related madness.

      • 1oooqooq 11 hours ago

        I personally think systemd, which I despise, won and effort would be better allocated trying to improve it (e.g. ripping the zero conf stuff from it to begin with)

pram 12 hours ago

“I can not do that on OpenBSD without a huge headache and very bad performance.”

This applies to practically everything, not just virtualization!

maximilianburke 13 hours ago

Journaling filesystems have been around for decades now; I don't think I've had a data loss incident since I stopped using Windows 98? I know it's volunteer driven but it seems like working on data integrity might be more of a benefit for security than some of the gimmicks like TRAPSLED.

  • mrweasel 12 hours ago

    OpenBSD had Soft Updates, which isn't really journaling but sort of similar. It was suppose to help with with file system integrity, in the case of crashes. OpenBSD removed it last year because it got in the way of VFS updates, and was hard for the team to maintain[1].

    I love OpenBSD, but it really does need a modern filesystem. The current team might be to small or just not have the right people to do a new filesystem. HammerFS2 could maybe be ported (and one has to wonder if that's not one of the thing that would requires VFS layer updates). Much of the current work on filesystems are being poured into GPL licensed code or ZFS, which also have an unfortunate license, so OpenBSD either has to borrow HammerFS, or do their own thing, which they probably don't have the resources for.

    1) https://undeadly.org/cgi?action=article;sid=20230706044554

    • 1oooqooq 12 hours ago

      BSDs bet on permissive license hoping companies would drop code on them. Turned out companies were either using linux or dumping abandoned code as GPL to strategically keep out of competitors.

      BSD licenses were a thing before GPL lost the final battle, when linus accepted the tainted-kernel compromise. Now it's a relic of a bygone time, which show allegiance to a side on a war that no longer matters.

  • 1oooqooq 12 hours ago

    Most setups nowadays do full disk encryption outside of the FS, so the journal doesn't help much.

    If you have SSD->LUKS->GPT->LVM->Ext4, then a bug on any of the (newer, buggier) components before your journaled FS means you lost data.

    • chikere232 12 hours ago

      The journal does what it's supposed to, doesn't it? I.e: keep the file system from breaking on panics, or power loss. Sure it doesn't protect you against a corruption bug in LVM et al., but that doesn't make it useless.

    • adastra22 12 hours ago

      Any examples of that happening in the wild?

      • 1oooqooq 12 hours ago

        Yes, if you search for people trying to mount a LUKS volume image readonly to then try (somewhat successfully in my case) to get data from the journal or run destructive fsck operations, you will find lots and lots of examples.

    • wannacboatmovie 11 hours ago

      > If you have SSD->LUKS->GPT->LVM->Ext4, then a bug on any of the (newer, buggier) components before your journaled FS means you lost data

      And yet it's never happened to me. Dozens upon dozens of systems. Linux or Windows or Mac for that matter.

      I've toted around a laptop with whole disk encryption for > 15 years and never lost data. Not once. Even after a forced power off.

      I have, however, lost data to major FS corruption on an OpenBSD system with no encryption whatsoever. More than once. Still using ancient MBR and legacy boot because, well, OpenBSD.

      • 1oooqooq 10 hours ago

        > I've toted around a laptop with whole disk encryption for > 15 years and never lost data.

        me too. Until I did. Negative anecdotes in a discussion about rare events are unhelpful.

        My point is not that journaling is useless and should be dropped (I only use openBSD in things that are either readonly storage or virtualized on a host which does have proper FS). My point is that the "new setup" used by most distros introduced a lot of things that are above the journal. We have been rocking FDE for over 10yr, but the mass of people with crappy hardware and who just unplug their computers are only exposed to FDE for the past couple years.

        • wannacboatmovie 6 hours ago

          My experience with LUKS robustness is less so, but I've uncleanly powered off many a laptop with BitLocker, FileVault, and commercial encryption with no ill effects.

      • binkHN 4 hours ago

        > Still using ancient MBR and legacy boot because, well, OpenBSD.

        OpenBSD supports UEFI.

yyyk 12 hours ago

It seems her biggest issue by far is bad VM hosting, followed by the filesystem (the latter being possibly an hardware compat issue). Everything else seems tertiary or downstream from the big one.

Better VM hosting would enable a big usecase directly, enable the software separation she likes, ameliorate a good part of the battery issues (as that's what she often uses the OS for), and with passthrough maybe even help work around the other hw support issues.

Given how critical virtualization is to security anyway, it sounds like a topical thing for OpenBSD folks to put directly into the OS (a la bhyve).

k_roy 10 hours ago

This was interesting to me.

> I have grievances against OpenBSD file system. Every time OpenBSD crash, and it happens very often for me when using it as a desktop, it ends with file corrupted or lost files. This is just not something I can accept.

Doesn’t openbsd use a fancy-ish ZFS type file system?

I have the same grievance with XFS on Linux though. For as much as people say how awesome it is, the few nodes I have running XFS are the least reliable pieces of garbage on a hard power off and a pain to get back up (if I don’t just nuke it anyway)

  • from-nibly 10 hours ago

    I wonder if xfs caused all of my disk reliability issue when I used it inside longhorn. Never again will I trust my data to either of those systems. Maybe one of them is innocent, but I don't care.

    • k_roy 8 hours ago

      XFS on longhorn is double trouble for me. And mostly what made me realize XFS is trash.

      I use longhorn on ext4 and never have issues at all

  • binkHN 4 hours ago

    Nope. FFS2.

lcall 11 hours ago

Another recent discussion (fewer comments): https://news.ycombinator.com/item?id=42201302

Also FWIW, I use OpenBSD as my daily driver, and I like it especially due to the security (I separate user-level activities, including net browsing, by account), and have not had the crashing or filesystem issues, fortunately. Her points are probably valid though, as my demands of the system are less than hers.

knowitnone 12 hours ago

I expect to see lots of people jumping in to defend OpenBSD right about now...

zbyforgotp 12 hours ago

I keep a special laptop for all financial stuff. It is not that expensive and the inconvenience is limited. And on it I have CubesOS, but I guess OpenBSD would also be a good choice.

  • prmoustache 11 hours ago

    I assume you meant QubesOS not CubesOS which I don't know of. You can totally run QubesOS as a host, it helps for hardware compat and fs perf/stability, and run OpenBSD alongside Fedora or Debian VMs as guests.

walrus01 13 hours ago

Something like 99% of the use cases I've seen for OpenBSD are servers that have no keyboard, mouse, video, audio or other plugged into them. It's completely unsurprising that bluetooth and gamepad support isn't a priority.

  • 1oooqooq 12 hours ago

    > It's completely unsurprising that bluetooth and gamepad support isn't a priority.

    The Bluetooth stack on linux is literal code trhown away from qalcomm (or was it broadcom?) with dbus on top. But since they dumped it as GPL it won't reach BSDs.

  • jwrallie 8 hours ago

    That might be true, still to defend OpenBSD, it’s smooth sailing trying to run a desktop on OpenBSD compared to let’s say FreeBSD.

    The rumor is that OpenBSD devs run it on Thinkpads while most FreeBSD devs are using MacOS as their main OS.

  • 0points 12 hours ago

    Yea, I noted that too.

    As a gamer & dev running Linux, I pass-through bluetooth hardware into a gaming VM for controllers and don't even have bluetooth stack on host.

  • anthk 5 hours ago

    Gamepads work.

paulnpace 12 hours ago

Does working on the OpenBSD team require using OpenBSD on your daily desktop?

plagiarist 12 hours ago

I like Linux a lot but personally I am starting to get frustrated with rootless containers. It is frustrating one has to have higher privileges running the container to make it have its own IP address inside the container. It's frustrating you cannot have the container read and write on the filesystem as the UID running the container unless the process inside is root.

I might have a better experience with VMs but every system seems like a lot of effort to just get something running. And after that the object is not as disposable as I'd like. My favorite tool for VMs so far is Incus. I'm planning on looking into Firecracker this weekend for fun.

Unrelated, but regarding:

> I understand it can make some people angry as they have to learn how to use it.

I don't think that's a significant part of what is upsetting anyone.

  • 1oooqooq 12 hours ago

    because containers are not the solution you want. That is just Docker Enterprise marketing at this point.

    Future of desktop security is on namespaces and bind, etc. Use aparmour, firejail, systemd unit file hardening. You will suffer less.

    Containers and flatpacks are much more convenient, but only because you are not getting what you think you are getting. so.

TacticalCoder 11 hours ago

> I need to experiment and learn with a lot of stuff, this includes OCI containers

OK understandable ofc.

> Running virtual machines on OpenBSD is really limited, running programs headless with one core and poor performance is not a good incentive to work at staying sharp.

Can someone explain this a bit more? I mean: I also run both VMs and OCI containers (well, Docker really atm) but what's that about "headless with one core" OpenBSD thing?

OpenBSD can run a VM but it's limited to one core and there can be no GPU passthrough? Is that what she means? That she can only access the VMs through the network?

No GPU passthrough would indeed be kinda a deal breaker for me too.

> I moved from OpenBSD to Qubes OS for almost everything

(a bit of a rant but it's related to TFA from a "what a dev may need" point of view)

I like that Qubes OS focuses on security, something which, for example, Proxmox seems to have an interest approaching about zero. Sure you can contenairize and virtualize but the Proxmox host itself, the "hypervisor" has countless ports open by default "because you'll need them for insecure lots of insecure protocols here and the entire Proxmox security seems to rely on only the firewall. Firewall which, moreover, sometimes resets by itself to "ACCEPT" everything by default.

I run Proxmox on a server and I did a proof-of-concept, running Proxmox as my desktop, using GPU passthrough from a VM to my main display (requires quite a bit of setup and settings and may or may not work on some hardware, but it's darn sweet when it works: one GPU for the host, one GPU for the guest(s)). It works. I know some are using that setup (including some Proxmox devs) on their workstation. But, sheesh, does the Proxmox team seem to care more about a shiny UI than security.

So, basically to be too far from TFA: leaving OpenBSD (considered to be ultra secure) for QubeOS... Does QubeOS really deliver more on security compared to another efficient alternative, like Proxmox? (don't get me wrong: I know that QubeOS is meant to be a desktop, which Proxmox not so much... I just wonder if QubeOS is really secure compared to OpenBSD).

In this day and age of AI models (for those who want to run some locally) requiring fat GPUs and lots of configuration on the software side and with the pace at which new models are coming out, I think nothing beats an hypervisor and VMs using GPU(s) passthrough. This way you can quickly test new models, install tens of them, backup working VMs or containers, etc.

I can see how OpenBSD is negatively affected by that: a 4090 or 5090 (or two in the same machine FWIW: a friend of mine runs just that, two 4090 using GPU passthrough) is quite something. The world, atm, shifted towards GPU. That's why NVidia is enjoying such a market cap.

Although Bluetooth and gamepad do not matter, it looks like OpenBSD may be missing something here if the GPU and GPU passthrough story is subpar.

In a "the world is moving" way.

At least in my case, after reading a TFA like this, I don't see why I'd run OpenBSD... Except as a firewall in front of my Proxmox machines (which badly need that) ; )

P.S: don't mistake this rant for me not loving Proxmox. It's just that I wished they cared less about "shiny" and "convenience" and more about not opening every single port and service under the sun on the host. Something which QubeOS may be better at.

Croftengea 13 hours ago

TL;DR: OpenBSD is bad as a desktop (no bluetooth, limited gamepad support, etc).

  • regularfry 13 hours ago

    Sounds like it's not great as a server either, if the virtualisation support still isn't up to scratch.

    • BSDobelix 13 hours ago

      And losing files after a crash is something that hasn't happened to me for at least a decade (not with NTFS,ZFS(FreeBSD),UFS2(FreeBSD), ext4 or XFS), maybe rip out soft updates was a bad idea?

    • paulnpace 12 hours ago

      She states in that post she had issues running virtual machines on OpenBSD. This isn't the same running OpenBSD in a virtual environment.

      • mrweasel 12 hours ago

        I think the reference was to VMM, OpenBSDs own hypervisor.

    • nicce 13 hours ago

      Usually you use it as firewall or router in bare metal.

      • p_l 12 hours ago

        And it was starting to stupidly lag for those use cases by 2007, because after some point you start care about firewall/router performance too...

        • technofiend 12 hours ago

          I adore OpenBSD because it's so lightweight, but I dropped it for FreeBSD when the same hardware couldn't max out a 1 gigabit connection running OpenBSD but could with Free. Since then they have made network changes so I'll probably try again even though the bar's moved and now I need 2.5 gigabit connections to be saturated. Happy to give it a chance anyway.

          • p_l 10 hours ago

            I just remember considering it for routing/firewalling duties about 2007, grabbing then-current performance optimization guide, and finding whole chapter in how to force irq sharing so that interrupts from any NIC will trigger driver code from all NICs...

  • prmoustache 10 hours ago

    I can't argue about gamepad support although I would say it is less desktop territory than console/steam machine territory. But for bluetooth support there are definitely good workaround with those usb class compliant soundcards that autoconnect to nearby bt headset/speakers.[1]

    [1] I assume you would want to use bluetooth for audio only because anything else usually sucks and can be done better/faster/more reliably with wifi or USB.