This points out something we forget at times: being a fan of a thing shouldn't mean we have to suffer for it.
NetBSD doesn't have GPU compute capabilities, plus browser DRM is a PITA, so I run macOS, too. If I have to choose between not doing a thing at all and doing it in a less enjoyable environment, it's only my own foot that suffers were I to choose not doing it at all.
What really matters here is that systems shouldn't crash or panic at all, ever, or if they do, the filesystems used shouldn't lose data or otherwise become corrupt. We left the lack of memory protection in the '80s (some of us the '90s), so there's no excuse if the hardware isn't faulty.
So I have to wonder why the OpenBSD folks, who prioritize security over speed, for example, wouldn't prioritize stability over everything except possibly security (I'd rather a panic than a compromise) and spend some energy looking in to these issues and fix them?
Why wouldn't any filesystem corruption (which could have security implications if the corruption can be controlled) and/or data loss be considered a sign of other deep issues and be made a high priority at OpenBSD?
Perhaps Solène's writeup will be a good wake-up call for the OpenBSD people.
I suspect a lot just comes down to manpower... While extremely important the FS currently works "good" enough (although there were/are efforts to port HAMMER2).
But I share the frustrations, all these little papercuts really add up and I only use OpenBSD in server settings nowadays
Good enough? As far as I could gather, they never implemented FFS/UFS journaling and removed support for soft updates. If that’s incorrect, I apologize for this comment.
So, they basically have a filesystem that operates like it did in the ninetees, unclean shutdown and you have to go through a full fsck and hope for the best. Most people who used some Unix before journaling would never want to go back.
Softdep is a significant impediment to progressing in the vfs layer
so we plan to get it out of the way. It is too clever for us to
continue maintaining as it is."
From OpenBSD developer Marc Espie, :
"The big issue with softdep is that it has tendrils everywhere, and since we didn't convince Kirk* to move over to OpenBSD, it tends to be a big hindrance in fixing everything else instead of helping.
The buffercache, the pagedaemon, the swapper, unlocking subsystems.
Hopefully, all these have a chance of being done by a human with softdep gone."
* Kirk being Marshall Kirk McKusick (FreeBSD) developer and creator of Soft Updates
A quick check of openbsd-cvs shows they're still removing softdep/soft updates stuff a year later. [2]
Sorry to see Solène Rapenne move on, I wish her success going forward. She has been a great asset to the OpenBSD team. But glad she will still try and help them out a bit.
But in a way she has a point :( Just a few weeks ago I had a panic with 7.6 and half my files in /home disappeared. In the past I never lost data on an fsck, plus I never had a panic in many years. But glad I clone /home to another device daily :)
But I still will use OpenBSD for testing items I develop on Linux. It is a great help finding issues where Linux will ignore some bugs I insert.
There are many issues that can cause problems, I have seen worse things happen at work over the decades. In this case, I fully believe it is a one-off occurrence.
On my other Laptop, and old T420 with only OpenBSD, I never had a panic or lost files. Even after moving to 7.6.
But was saying, I can see her point when your professional livelihood depends upon what system you use.
> flatpak: I really like software distribution done with flatpak, packages are all running in their own namespace, they can't access all the file system, you can roll back to a previous version, and do some interesting stuff
As of today flatpak still has holes you can drive a truck through.
I still don't understand the slapdash approach the desktop Linux crowd took, Qubes is a much better approach. Such unprofessional software engineering pervades FLOSS with the worn and tired "but it's a hobby project" when it's a core dependency necessary for international corporate, government, and military strategic systems. (I also don't understand the lack of appropriate support for critical projects either, but it makes sense because of decline, entitlement, corruption, and greed.)
I had to shout and scream at docker early on for container image integrity, but that fell on deaf ears. Heck, Python even threw away GPG to roll their own sketchy setup and Ruby doesn't even care about package integrity or supply chain attacks.
Could you link some related Flatpak issues where this happens? I've been under the impression that security under bwrap could be relatively acceptable and mostly the same as running containers (aside from all the portals).
I haven't been using Flatpak, but was recently thinking about it.
flatpack for isolation is a joke. All the file duplication, none of the security. Not to mention nothing that depends on camera, screen cap, etc will ever get close to working.
Just accepting there's no easy solution, and do aparmour+firejail. It's awful user experience, but at least only once per application. Then it is perfect. There should be a distro like qubes but where everything must have either a firejail profile or a hardened systemd unit file (which is the worse designed/documented thing in the universe, taking the place of X11). That would be the ideal world.
To be hones I appreciate flatpak for software distribution. Afaik (correct me if I’m wrong) some degree of security is implemented through selinux (i’m on fedora).
Yes, you are technically right, but you are wrong only in the sense that most packs either do not ship with a selinux policy or ship with some just-added-whatever policy.
> I appreciate flatpak for software distribution
Flatpack is for distributors. Not end users or for the benefit of the end system running them. There are already too much written about this. The lax state of selinux policies is also a result of this focus.
PS: you will see my top comment get downvoted by the distributors who enjoy to offload the burden to end users, without offering any counter argument.
The name is familiar, I learned a couple of things from Solène in the Qubes OS forums. Many thanks in case you see this.
I think OpenBSD has a big advantage (to me at least) that it’s the OS I really want to use, but I could never find a place for it for the reasons described. It just doesn’t fit my use cases except on the philosophy department!
In fact I had to leave Qubes OS for different reasons: strange behavior with USB devices, perceptible latency, would not sleep properly when running on battery, Windows VM would freeze on wake up from sleep. Small things but very annoying.
Maybe I just got bad luck with hardware (Thinkpad X260), or I just don’t have the time to troubleshoot it anymore.
Anyway, I’m having a great honeymoon period with OpenSuse now. I’ve chosen it mainly for great filesystem snapshot support. It seems this time everything missing on the repositories are covered on flatpak, and things that usually give me trouble (for example IME support) simply worked. I loved the Xfce theme. I’ll probably be staying for a while.
Makes sense. I've always assumed that OpenBSD has a very narrow use case anyway. I love it for a network firewall because the configuration files are sane and easy to understand (stares at systemd networkd). I set it and forget it.
it is easier to setup a openbsd vm and have it handle all the network routing and wireguard stuff, than it is to simply disable the unrequested zeroconf stuff included in systemd-networkd/resolvd.
I personally think systemd, which I despise, won and effort would be better allocated trying to improve it (e.g. ripping the zero conf stuff from it to begin with)
Journaling filesystems have been around for decades now; I don't think I've had a data loss incident since I stopped using Windows 98? I know it's volunteer driven but it seems like working on data integrity might be more of a benefit for security than some of the gimmicks like TRAPSLED.
OpenBSD had Soft Updates, which isn't really journaling but sort of similar. It was suppose to help with with file system integrity, in the case of crashes. OpenBSD removed it last year because it got in the way of VFS updates, and was hard for the team to maintain[1].
I love OpenBSD, but it really does need a modern filesystem. The current team might be to small or just not have the right people to do a new filesystem. HammerFS2 could maybe be ported (and one has to wonder if that's not one of the thing that would requires VFS layer updates). Much of the current work on filesystems are being poured into GPL licensed code or ZFS, which also have an unfortunate license, so OpenBSD either has to borrow HammerFS, or do their own thing, which they probably don't have the resources for.
BSDs bet on permissive license hoping companies would drop code on them. Turned out companies were either using linux or dumping abandoned code as GPL to strategically keep out of competitors.
BSD licenses were a thing before GPL lost the final battle, when linus accepted the tainted-kernel compromise. Now it's a relic of a bygone time, which show allegiance to a side on a war that no longer matters.
The journal does what it's supposed to, doesn't it? I.e: keep the file system from breaking on panics, or power loss. Sure it doesn't protect you against a corruption bug in LVM et al., but that doesn't make it useless.
Yes, if you search for people trying to mount a LUKS volume image readonly to then try (somewhat successfully in my case) to get data from the journal or run destructive fsck operations, you will find lots and lots of examples.
> If you have SSD->LUKS->GPT->LVM->Ext4, then a bug on any of the (newer, buggier) components before your journaled FS means you lost data
And yet it's never happened to me. Dozens upon dozens of systems. Linux or Windows or Mac for that matter.
I've toted around a laptop with whole disk encryption for > 15 years and never lost data. Not once. Even after a forced power off.
I have, however, lost data to major FS corruption on an OpenBSD system with no encryption whatsoever. More than once. Still using ancient MBR and legacy boot because, well, OpenBSD.
> I've toted around a laptop with whole disk encryption for > 15 years and never lost data.
me too. Until I did. Negative anecdotes in a discussion about rare events are unhelpful.
My point is not that journaling is useless and should be dropped (I only use openBSD in things that are either readonly storage or virtualized on a host which does have proper FS). My point is that the "new setup" used by most distros introduced a lot of things that are above the journal. We have been rocking FDE for over 10yr, but the mass of people with crappy hardware and who just unplug their computers are only exposed to FDE for the past couple years.
My experience with LUKS robustness is less so, but I've uncleanly powered off many a laptop with BitLocker, FileVault, and commercial encryption with no ill effects.
It seems her biggest issue by far is bad VM hosting, followed by the filesystem (the latter being possibly an hardware compat issue). Everything else seems tertiary or downstream from the big one.
Better VM hosting would enable a big usecase directly, enable the software separation she likes, ameliorate a good part of the battery issues (as that's what she often uses the OS for), and with passthrough maybe even help work around the other hw support issues.
Given how critical virtualization is to security anyway, it sounds like a topical thing for OpenBSD folks to put directly into the OS (a la bhyve).
> I have grievances against OpenBSD file system. Every time OpenBSD crash, and it happens very often for me when using it as a desktop, it ends with file corrupted or lost files. This is just not something I can accept.
Doesn’t openbsd use a fancy-ish ZFS type file system?
I have the same grievance with XFS on Linux though. For as much as people say how awesome it is, the few nodes I have running XFS are the least reliable pieces of garbage on a hard power off and a pain to get back up (if I don’t just nuke it anyway)
I wonder if xfs caused all of my disk reliability issue when I used it inside longhorn. Never again will I trust my data to either of those systems. Maybe one of them is innocent, but I don't care.
Also FWIW, I use OpenBSD as my daily driver, and I like it especially due to the security (I separate user-level activities, including net browsing, by account), and have not had the crashing or filesystem issues, fortunately. Her points are probably valid though, as my demands of the system are less than hers.
I keep a special laptop for all financial stuff. It is not that expensive and the inconvenience is limited. And on it I have CubesOS, but I guess OpenBSD would also be a good choice.
I assume you meant QubesOS not CubesOS which I don't know of. You can totally run QubesOS as a host, it helps for hardware compat and fs perf/stability, and run OpenBSD alongside Fedora or Debian VMs as guests.
Something like 99% of the use cases I've seen for OpenBSD are servers that have no keyboard, mouse, video, audio or other plugged into them. It's completely unsurprising that bluetooth and gamepad support isn't a priority.
> It's completely unsurprising that bluetooth and gamepad support isn't a priority.
The Bluetooth stack on linux is literal code trhown away from qalcomm (or was it broadcom?) with dbus on top. But since they dumped it as GPL it won't reach BSDs.
I like Linux a lot but personally I am starting to get frustrated with rootless containers. It is frustrating one has to have higher privileges running the container to make it have its own IP address inside the container. It's frustrating you cannot have the container read and write on the filesystem as the UID running the container unless the process inside is root.
I might have a better experience with VMs but every system seems like a lot of effort to just get something running. And after that the object is not as disposable as I'd like. My favorite tool for VMs so far is Incus. I'm planning on looking into Firecracker this weekend for fun.
Unrelated, but regarding:
> I understand it can make some people angry as they have to learn how to use it.
I don't think that's a significant part of what is upsetting anyone.
> I need to experiment and learn with a lot of stuff, this includes OCI containers
OK understandable ofc.
> Running virtual machines on OpenBSD is really limited, running programs headless with one core and poor performance is not a good incentive to work at staying sharp.
Can someone explain this a bit more? I mean: I also run both VMs and OCI containers (well, Docker really atm) but what's that about "headless with one core" OpenBSD thing?
OpenBSD can run a VM but it's limited to one core and there can be no GPU passthrough? Is that what she means? That she can only access the VMs through the network?
No GPU passthrough would indeed be kinda a deal breaker for me too.
> I moved from OpenBSD to Qubes OS for almost everything
(a bit of a rant but it's related to TFA from a "what a dev may need" point of view)
I like that Qubes OS focuses on security, something which, for example, Proxmox seems to have an interest approaching about zero. Sure you can contenairize and virtualize but the Proxmox host itself, the "hypervisor" has countless ports open by default "because you'll need them for insecure lots of insecure protocols here and the entire Proxmox security seems to rely on only the firewall. Firewall which, moreover, sometimes resets by itself to "ACCEPT" everything by default.
I run Proxmox on a server and I did a proof-of-concept, running Proxmox as my desktop, using GPU passthrough from a VM to my main display (requires quite a bit of setup and settings and may or may not work on some hardware, but it's darn sweet when it works: one GPU for the host, one GPU for the guest(s)). It works. I know some are using that setup (including some Proxmox devs) on their workstation. But, sheesh, does the Proxmox team seem to care more about a shiny UI than security.
So, basically to be too far from TFA: leaving OpenBSD (considered to be ultra secure) for QubeOS... Does QubeOS really deliver more on security compared to another efficient alternative, like Proxmox? (don't get me wrong: I know that QubeOS is meant to be a desktop, which Proxmox not so much... I just wonder if QubeOS is really secure compared to OpenBSD).
In this day and age of AI models (for those who want to run some locally) requiring fat GPUs and lots of configuration on the software side and with the pace at which new models are coming out, I think nothing beats an hypervisor and VMs using GPU(s) passthrough. This way you can quickly test new models, install tens of them, backup working VMs or containers, etc.
I can see how OpenBSD is negatively affected by that: a 4090 or 5090 (or two in the same machine FWIW: a friend of mine runs just that, two 4090 using GPU passthrough) is quite something. The world, atm, shifted towards GPU. That's why NVidia is enjoying such a market cap.
Although Bluetooth and gamepad do not matter, it looks like OpenBSD may be missing something here if the GPU and GPU passthrough story is subpar.
In a "the world is moving" way.
At least in my case, after reading a TFA like this, I don't see why I'd run OpenBSD... Except as a firewall in front of my Proxmox machines (which badly need that) ; )
P.S: don't mistake this rant for me not loving Proxmox. It's just that I wished they cared less about "shiny" and "convenience" and more about not opening every single port and service under the sun on the host. Something which QubeOS may be better at.
And losing files after a crash is something that hasn't happened to me for at least a decade (not with NTFS,ZFS(FreeBSD),UFS2(FreeBSD), ext4 or XFS), maybe rip out soft updates was a bad idea?
I adore OpenBSD because it's so lightweight, but I dropped it for FreeBSD when the same hardware couldn't max out a 1 gigabit connection running OpenBSD but could with Free. Since then they have made network changes so I'll probably try again even though the bar's moved and now I need 2.5 gigabit connections to be saturated. Happy to give it a chance anyway.
I just remember considering it for routing/firewalling duties about 2007, grabbing then-current performance optimization guide, and finding whole chapter in how to force irq sharing so that interrupts from any NIC will trigger driver code from all NICs...
I can't argue about gamepad support although I would say it is less desktop territory than console/steam machine territory. But for bluetooth support there are definitely good workaround with those usb class compliant soundcards that autoconnect to nearby bt headset/speakers.[1]
[1] I assume you would want to use bluetooth for audio only because anything else usually sucks and can be done better/faster/more reliably with wifi or USB.
This points out something we forget at times: being a fan of a thing shouldn't mean we have to suffer for it.
NetBSD doesn't have GPU compute capabilities, plus browser DRM is a PITA, so I run macOS, too. If I have to choose between not doing a thing at all and doing it in a less enjoyable environment, it's only my own foot that suffers were I to choose not doing it at all.
What really matters here is that systems shouldn't crash or panic at all, ever, or if they do, the filesystems used shouldn't lose data or otherwise become corrupt. We left the lack of memory protection in the '80s (some of us the '90s), so there's no excuse if the hardware isn't faulty.
So I have to wonder why the OpenBSD folks, who prioritize security over speed, for example, wouldn't prioritize stability over everything except possibly security (I'd rather a panic than a compromise) and spend some energy looking in to these issues and fix them?
Why wouldn't any filesystem corruption (which could have security implications if the corruption can be controlled) and/or data loss be considered a sign of other deep issues and be made a high priority at OpenBSD?
Perhaps Solène's writeup will be a good wake-up call for the OpenBSD people.
I suspect a lot just comes down to manpower... While extremely important the FS currently works "good" enough (although there were/are efforts to port HAMMER2).
But I share the frustrations, all these little papercuts really add up and I only use OpenBSD in server settings nowadays
Good enough? As far as I could gather, they never implemented FFS/UFS journaling and removed support for soft updates. If that’s incorrect, I apologize for this comment.
So, they basically have a filesystem that operates like it did in the ninetees, unclean shutdown and you have to go through a full fsck and hope for the best. Most people who used some Unix before journaling would never want to go back.
> removed support for soft updates
Yes, back in July 2023[0][1]:
"Make softdep mounts a no-op
Softdep is a significant impediment to progressing in the vfs layer so we plan to get it out of the way. It is too clever for us to continue maintaining as it is."
From OpenBSD developer Marc Espie, :
"The big issue with softdep is that it has tendrils everywhere, and since we didn't convince Kirk* to move over to OpenBSD, it tends to be a big hindrance in fixing everything else instead of helping.
The buffercache, the pagedaemon, the swapper, unlocking subsystems.
Hopefully, all these have a chance of being done by a human with softdep gone."
* Kirk being Marshall Kirk McKusick (FreeBSD) developer and creator of Soft Updates
A quick check of openbsd-cvs shows they're still removing softdep/soft updates stuff a year later. [2]
[0] https://undeadly.org/cgi?action=article;sid=20230706044554
[1] https://marc.info/?l=openbsd-cvs&m=168856997929968
[2] https://marc.info/?l=openbsd-cvs&m=172060271505315
I've had OBSD VMs trash themselves to the point they needed a reinstall, all from an improper shutdown.
Is it entitled to say that is not "good enough"?
What's worse, the OBSD team is not very supportive of VMs to being with, so that would catch the blame.
Security aside, the Dream of the 90s Is Alive with OpenBSD.
Sorry to see Solène Rapenne move on, I wish her success going forward. She has been a great asset to the OpenBSD team. But glad she will still try and help them out a bit.
But in a way she has a point :( Just a few weeks ago I had a panic with 7.6 and half my files in /home disappeared. In the past I never lost data on an fsck, plus I never had a panic in many years. But glad I clone /home to another device daily :)
But I still will use OpenBSD for testing items I develop on Linux. It is a great help finding issues where Linux will ignore some bugs I insert.
That's insane. Note to self, never use openbsd where I can't reconstruct the system from scratch.
Never use any OS where you can't reconstruct system from scratch.
Well crap happens :)
There are many issues that can cause problems, I have seen worse things happen at work over the decades. In this case, I fully believe it is a one-off occurrence.
On my other Laptop, and old T420 with only OpenBSD, I never had a panic or lost files. Even after moving to 7.6.
But was saying, I can see her point when your professional livelihood depends upon what system you use.
> flatpak: I really like software distribution done with flatpak, packages are all running in their own namespace, they can't access all the file system, you can roll back to a previous version, and do some interesting stuff
As of today flatpak still has holes you can drive a truck through.
Use flatseal with flatpak.
https://github.com/tchx84/Flatseal
I still don't understand the slapdash approach the desktop Linux crowd took, Qubes is a much better approach. Such unprofessional software engineering pervades FLOSS with the worn and tired "but it's a hobby project" when it's a core dependency necessary for international corporate, government, and military strategic systems. (I also don't understand the lack of appropriate support for critical projects either, but it makes sense because of decline, entitlement, corruption, and greed.)
I had to shout and scream at docker early on for container image integrity, but that fell on deaf ears. Heck, Python even threw away GPG to roll their own sketchy setup and Ruby doesn't even care about package integrity or supply chain attacks.
Could you link some related Flatpak issues where this happens? I've been under the impression that security under bwrap could be relatively acceptable and mostly the same as running containers (aside from all the portals).
I haven't been using Flatpak, but was recently thinking about it.
flatpack for isolation is a joke. All the file duplication, none of the security. Not to mention nothing that depends on camera, screen cap, etc will ever get close to working.
Just accepting there's no easy solution, and do aparmour+firejail. It's awful user experience, but at least only once per application. Then it is perfect. There should be a distro like qubes but where everything must have either a firejail profile or a hardened systemd unit file (which is the worse designed/documented thing in the universe, taking the place of X11). That would be the ideal world.
To be hones I appreciate flatpak for software distribution. Afaik (correct me if I’m wrong) some degree of security is implemented through selinux (i’m on fedora).
> implemented through selinux
Yes, you are technically right, but you are wrong only in the sense that most packs either do not ship with a selinux policy or ship with some just-added-whatever policy.
> I appreciate flatpak for software distribution
Flatpack is for distributors. Not end users or for the benefit of the end system running them. There are already too much written about this. The lax state of selinux policies is also a result of this focus.
PS: you will see my top comment get downvoted by the distributors who enjoy to offload the burden to end users, without offering any counter argument.
The name is familiar, I learned a couple of things from Solène in the Qubes OS forums. Many thanks in case you see this.
I think OpenBSD has a big advantage (to me at least) that it’s the OS I really want to use, but I could never find a place for it for the reasons described. It just doesn’t fit my use cases except on the philosophy department!
In fact I had to leave Qubes OS for different reasons: strange behavior with USB devices, perceptible latency, would not sleep properly when running on battery, Windows VM would freeze on wake up from sleep. Small things but very annoying.
Maybe I just got bad luck with hardware (Thinkpad X260), or I just don’t have the time to troubleshoot it anymore.
Anyway, I’m having a great honeymoon period with OpenSuse now. I’ve chosen it mainly for great filesystem snapshot support. It seems this time everything missing on the repositories are covered on flatpak, and things that usually give me trouble (for example IME support) simply worked. I loved the Xfce theme. I’ll probably be staying for a while.
Makes sense. I've always assumed that OpenBSD has a very narrow use case anyway. I love it for a network firewall because the configuration files are sane and easy to understand (stares at systemd networkd). I set it and forget it.
it is easier to setup a openbsd vm and have it handle all the network routing and wireguard stuff, than it is to simply disable the unrequested zeroconf stuff included in systemd-networkd/resolvd.
A while I'm a fan of OpenBSD where it makes sense, there's also more than one Linux distribution that does not have systemd and the related madness.
I personally think systemd, which I despise, won and effort would be better allocated trying to improve it (e.g. ripping the zero conf stuff from it to begin with)
“I can not do that on OpenBSD without a huge headache and very bad performance.”
This applies to practically everything, not just virtualization!
Journaling filesystems have been around for decades now; I don't think I've had a data loss incident since I stopped using Windows 98? I know it's volunteer driven but it seems like working on data integrity might be more of a benefit for security than some of the gimmicks like TRAPSLED.
OpenBSD had Soft Updates, which isn't really journaling but sort of similar. It was suppose to help with with file system integrity, in the case of crashes. OpenBSD removed it last year because it got in the way of VFS updates, and was hard for the team to maintain[1].
I love OpenBSD, but it really does need a modern filesystem. The current team might be to small or just not have the right people to do a new filesystem. HammerFS2 could maybe be ported (and one has to wonder if that's not one of the thing that would requires VFS layer updates). Much of the current work on filesystems are being poured into GPL licensed code or ZFS, which also have an unfortunate license, so OpenBSD either has to borrow HammerFS, or do their own thing, which they probably don't have the resources for.
1) https://undeadly.org/cgi?action=article;sid=20230706044554
BSDs bet on permissive license hoping companies would drop code on them. Turned out companies were either using linux or dumping abandoned code as GPL to strategically keep out of competitors.
BSD licenses were a thing before GPL lost the final battle, when linus accepted the tainted-kernel compromise. Now it's a relic of a bygone time, which show allegiance to a side on a war that no longer matters.
Apparently, they removed the soft update feature: https://marc.info/?l=openbsd-cvs&m=171489385310956&w=2
Most setups nowadays do full disk encryption outside of the FS, so the journal doesn't help much.
If you have SSD->LUKS->GPT->LVM->Ext4, then a bug on any of the (newer, buggier) components before your journaled FS means you lost data.
The journal does what it's supposed to, doesn't it? I.e: keep the file system from breaking on panics, or power loss. Sure it doesn't protect you against a corruption bug in LVM et al., but that doesn't make it useless.
Any examples of that happening in the wild?
Yes, if you search for people trying to mount a LUKS volume image readonly to then try (somewhat successfully in my case) to get data from the journal or run destructive fsck operations, you will find lots and lots of examples.
> If you have SSD->LUKS->GPT->LVM->Ext4, then a bug on any of the (newer, buggier) components before your journaled FS means you lost data
And yet it's never happened to me. Dozens upon dozens of systems. Linux or Windows or Mac for that matter.
I've toted around a laptop with whole disk encryption for > 15 years and never lost data. Not once. Even after a forced power off.
I have, however, lost data to major FS corruption on an OpenBSD system with no encryption whatsoever. More than once. Still using ancient MBR and legacy boot because, well, OpenBSD.
> I've toted around a laptop with whole disk encryption for > 15 years and never lost data.
me too. Until I did. Negative anecdotes in a discussion about rare events are unhelpful.
My point is not that journaling is useless and should be dropped (I only use openBSD in things that are either readonly storage or virtualized on a host which does have proper FS). My point is that the "new setup" used by most distros introduced a lot of things that are above the journal. We have been rocking FDE for over 10yr, but the mass of people with crappy hardware and who just unplug their computers are only exposed to FDE for the past couple years.
My experience with LUKS robustness is less so, but I've uncleanly powered off many a laptop with BitLocker, FileVault, and commercial encryption with no ill effects.
> Still using ancient MBR and legacy boot because, well, OpenBSD.
OpenBSD supports UEFI.
It seems her biggest issue by far is bad VM hosting, followed by the filesystem (the latter being possibly an hardware compat issue). Everything else seems tertiary or downstream from the big one.
Better VM hosting would enable a big usecase directly, enable the software separation she likes, ameliorate a good part of the battery issues (as that's what she often uses the OS for), and with passthrough maybe even help work around the other hw support issues.
Given how critical virtualization is to security anyway, it sounds like a topical thing for OpenBSD folks to put directly into the OS (a la bhyve).
This was interesting to me.
> I have grievances against OpenBSD file system. Every time OpenBSD crash, and it happens very often for me when using it as a desktop, it ends with file corrupted or lost files. This is just not something I can accept.
Doesn’t openbsd use a fancy-ish ZFS type file system?
I have the same grievance with XFS on Linux though. For as much as people say how awesome it is, the few nodes I have running XFS are the least reliable pieces of garbage on a hard power off and a pain to get back up (if I don’t just nuke it anyway)
I wonder if xfs caused all of my disk reliability issue when I used it inside longhorn. Never again will I trust my data to either of those systems. Maybe one of them is innocent, but I don't care.
XFS on longhorn is double trouble for me. And mostly what made me realize XFS is trash.
I use longhorn on ext4 and never have issues at all
Nope. FFS2.
Another recent discussion (fewer comments): https://news.ycombinator.com/item?id=42201302
Also FWIW, I use OpenBSD as my daily driver, and I like it especially due to the security (I separate user-level activities, including net browsing, by account), and have not had the crashing or filesystem issues, fortunately. Her points are probably valid though, as my demands of the system are less than hers.
I expect to see lots of people jumping in to defend OpenBSD right about now...
I keep a special laptop for all financial stuff. It is not that expensive and the inconvenience is limited. And on it I have CubesOS, but I guess OpenBSD would also be a good choice.
I assume you meant QubesOS not CubesOS which I don't know of. You can totally run QubesOS as a host, it helps for hardware compat and fs perf/stability, and run OpenBSD alongside Fedora or Debian VMs as guests.
Something like 99% of the use cases I've seen for OpenBSD are servers that have no keyboard, mouse, video, audio or other plugged into them. It's completely unsurprising that bluetooth and gamepad support isn't a priority.
> It's completely unsurprising that bluetooth and gamepad support isn't a priority.
The Bluetooth stack on linux is literal code trhown away from qalcomm (or was it broadcom?) with dbus on top. But since they dumped it as GPL it won't reach BSDs.
That might be true, still to defend OpenBSD, it’s smooth sailing trying to run a desktop on OpenBSD compared to let’s say FreeBSD.
The rumor is that OpenBSD devs run it on Thinkpads while most FreeBSD devs are using MacOS as their main OS.
Yea, I noted that too.
As a gamer & dev running Linux, I pass-through bluetooth hardware into a gaming VM for controllers and don't even have bluetooth stack on host.
Gamepads work.
Does working on the OpenBSD team require using OpenBSD on your daily desktop?
I like Linux a lot but personally I am starting to get frustrated with rootless containers. It is frustrating one has to have higher privileges running the container to make it have its own IP address inside the container. It's frustrating you cannot have the container read and write on the filesystem as the UID running the container unless the process inside is root.
I might have a better experience with VMs but every system seems like a lot of effort to just get something running. And after that the object is not as disposable as I'd like. My favorite tool for VMs so far is Incus. I'm planning on looking into Firecracker this weekend for fun.
Unrelated, but regarding:
> I understand it can make some people angry as they have to learn how to use it.
I don't think that's a significant part of what is upsetting anyone.
because containers are not the solution you want. That is just Docker Enterprise marketing at this point.
Future of desktop security is on namespaces and bind, etc. Use aparmour, firejail, systemd unit file hardening. You will suffer less.
Containers and flatpacks are much more convenient, but only because you are not getting what you think you are getting. so.
> I need to experiment and learn with a lot of stuff, this includes OCI containers
OK understandable ofc.
> Running virtual machines on OpenBSD is really limited, running programs headless with one core and poor performance is not a good incentive to work at staying sharp.
Can someone explain this a bit more? I mean: I also run both VMs and OCI containers (well, Docker really atm) but what's that about "headless with one core" OpenBSD thing?
OpenBSD can run a VM but it's limited to one core and there can be no GPU passthrough? Is that what she means? That she can only access the VMs through the network?
No GPU passthrough would indeed be kinda a deal breaker for me too.
> I moved from OpenBSD to Qubes OS for almost everything
(a bit of a rant but it's related to TFA from a "what a dev may need" point of view)
I like that Qubes OS focuses on security, something which, for example, Proxmox seems to have an interest approaching about zero. Sure you can contenairize and virtualize but the Proxmox host itself, the "hypervisor" has countless ports open by default "because you'll need them for insecure lots of insecure protocols here and the entire Proxmox security seems to rely on only the firewall. Firewall which, moreover, sometimes resets by itself to "ACCEPT" everything by default.
I run Proxmox on a server and I did a proof-of-concept, running Proxmox as my desktop, using GPU passthrough from a VM to my main display (requires quite a bit of setup and settings and may or may not work on some hardware, but it's darn sweet when it works: one GPU for the host, one GPU for the guest(s)). It works. I know some are using that setup (including some Proxmox devs) on their workstation. But, sheesh, does the Proxmox team seem to care more about a shiny UI than security.
So, basically to be too far from TFA: leaving OpenBSD (considered to be ultra secure) for QubeOS... Does QubeOS really deliver more on security compared to another efficient alternative, like Proxmox? (don't get me wrong: I know that QubeOS is meant to be a desktop, which Proxmox not so much... I just wonder if QubeOS is really secure compared to OpenBSD).
In this day and age of AI models (for those who want to run some locally) requiring fat GPUs and lots of configuration on the software side and with the pace at which new models are coming out, I think nothing beats an hypervisor and VMs using GPU(s) passthrough. This way you can quickly test new models, install tens of them, backup working VMs or containers, etc.
I can see how OpenBSD is negatively affected by that: a 4090 or 5090 (or two in the same machine FWIW: a friend of mine runs just that, two 4090 using GPU passthrough) is quite something. The world, atm, shifted towards GPU. That's why NVidia is enjoying such a market cap.
Although Bluetooth and gamepad do not matter, it looks like OpenBSD may be missing something here if the GPU and GPU passthrough story is subpar.
In a "the world is moving" way.
At least in my case, after reading a TFA like this, I don't see why I'd run OpenBSD... Except as a firewall in front of my Proxmox machines (which badly need that) ; )
P.S: don't mistake this rant for me not loving Proxmox. It's just that I wished they cared less about "shiny" and "convenience" and more about not opening every single port and service under the sun on the host. Something which QubeOS may be better at.
TL;DR: OpenBSD is bad as a desktop (no bluetooth, limited gamepad support, etc).
Sounds like it's not great as a server either, if the virtualisation support still isn't up to scratch.
And losing files after a crash is something that hasn't happened to me for at least a decade (not with NTFS,ZFS(FreeBSD),UFS2(FreeBSD), ext4 or XFS), maybe rip out soft updates was a bad idea?
She states in that post she had issues running virtual machines on OpenBSD. This isn't the same running OpenBSD in a virtual environment.
I think the reference was to VMM, OpenBSDs own hypervisor.
Usually you use it as firewall or router in bare metal.
And it was starting to stupidly lag for those use cases by 2007, because after some point you start care about firewall/router performance too...
I adore OpenBSD because it's so lightweight, but I dropped it for FreeBSD when the same hardware couldn't max out a 1 gigabit connection running OpenBSD but could with Free. Since then they have made network changes so I'll probably try again even though the bar's moved and now I need 2.5 gigabit connections to be saturated. Happy to give it a chance anyway.
I just remember considering it for routing/firewalling duties about 2007, grabbing then-current performance optimization guide, and finding whole chapter in how to force irq sharing so that interrupts from any NIC will trigger driver code from all NICs...
I can't argue about gamepad support although I would say it is less desktop territory than console/steam machine territory. But for bluetooth support there are definitely good workaround with those usb class compliant soundcards that autoconnect to nearby bt headset/speakers.[1]
[1] I assume you would want to use bluetooth for audio only because anything else usually sucks and can be done better/faster/more reliably with wifi or USB.
cool keep us updated