One capability that I see is missing from opus is this ability to understand an entire system. My hope is that a mythos class model will be able to comprehend even something as complicated as an IOT system with a hardware and firmware layer multiple API’s backend and different kinds of API and web clients.
The main limitation we’ve had to agentic coding is an understanding of this system that spans processes running on different machines and architectures.
I was surprised because the writing _seemed_ focused and It at least credits what they copied from "nohello.com" ... but when you compare the 2 sites it becomes obvious that the AI was definitely prompted something like "make a copy of nohello.com but for people posting AI slop" and that's all the actual human thought that went into this. The structure is the same as the source and has just been LLM-ified so it kept some of the same source tone.
Come on, Anthropic ARE the good guys if there are any. Certainly the incentives of trillions will do what money does, but they have assembled an incredibly altruistic and philosophically-minded crew. I’m rooting for them and trying real hard not to get cynical.
Karpathy embedded within an organization is way more impressive than him out on his own with hot takes and little projects. I hope he does great things for Anthropic.
Absolutely, I wasn’t saying that him being at Anthropic wasn’t going to be effective, I just think his little projects wouldn’t be very interesting if his name wasn’t attached to them.
We use OpenBSD for our VPSes on Hetzner, bare metal (for security focussed clients) and older (but still good) hardware in our Home Lab. OpenBSD is excellent on older (no longer supported by Cupertino) Apple hardware. We have an Intel Mac Mini Cluster with near-perfect uptime. If you need to run any kind of server (Web, Mail, DNS, NFS, Database) where you need stability & security, look no further.
Some learning curve, but totally worth it.
Have you tried such Openbsd installations vs FreeBSD? I forget the differences between OpenBSD and FreeBSD, so forgive the naivety. (I think NetBSD is more for embedded stuff, and Ghost and Dragonfly are more for conventional desktop use-cases if i recall correctly.)
I'm asking because i have not touched any BSD for over 2 decades...and I'm getting the itch to try some out...and was wondering if for server-type use cases (like you noted) whether OpenBSD is preferred over FreeBSD or the reverse, and why? Thanks in advance for any feedback you might provide!
FreeBSD is a heavier, more capable system, suitable for large servers. It's got its own virtualization platform (bhyve), an LXC-ish container system (jails), native ZFS, dtrace, Linux emulation, and a bunch more. It makes for a decent workstation and has pretty decent hardware support.
NetBSD is small and simple. It's a lot like an old-school UNIX. It makes a decent platform for small services. I run bind and dhcpd on a NetBSD machine. The source code is very pleasant to read. It uses the pkgsrc software repository. It's my preferred platform for writing POSIX code.
OpenBSD still carries much of the general feel of NetBSD and can fill a similar niche on a network, but the security focus stands out in their documentation, subprojects (OpenSSH, LibreSSL, OpenNTPD, etc.), APIs (see pledge(8)), and policies. It makes for a great firewall. I'd say it also requires the most know-how.
All of them have excellent documentation (especially compared to Linux distros) and the base system is developed alongside the kernel, giving you a very consistent experience compared to Linux distros where everything is developed in isolation. If you write C, it's worth keeping a BSD system around just for the manpages and to make sure you're not letting Linuxisms creep into your codebase.
Just to clarify. It's not emulation in the sense it's slower or something. They call it compatibility layer, which is better, but also nobody knows what it means.
This is simplifying a bit, but it's essentially "Linux is just a kernel" so the interface is just Linux syscalls, so the FreeBSD kernel when executing a Linux binary simply answers like Linux (so it has those system calls). How this is used in practice is that on your file system you have Ubuntu/RedHat/... "installed" (so the files and the file hierarchy are lying there) and you either directly or in a FreeBSD jail execute things in there or the binary you have.
I don't know how well it works in the present but in the past that means you could simply download the Unreal Tournament 2004 multiplayer demo or Enemy Territory or other games and just play them as if you were running Linux, 3D acceleration and all, without VM without real emulating, just the kernel providing what a Linux kernel would provide.
Also "heavy" is very very relative and subjective. You can totally have a tiny FreeBSD and a huge OpenBSD and one could argue OpenBSD is "heavy" because it comes with three window managers, an HTTP server, a full blown SMTPD server, ACME client and a ton of stuff that eg a server install of Debian or Ubuntu doesn't come with. But also if you run eg. ZFS things are heavy of course. FreeBSD has however had a time when it tried to strip a lot of stuff from the default install and make stuff either optional or make things available through ports/packages only.
And also there are surprises to be had with such overviews: Eg. your Lenovo laptop likely will give you a more "out of the box" experience on OpenBSD compared to FreeBSD with things like simple wifi setup, sound often doing the right thing (work, come out the right place, etc.) compared to FreeBSD. Also with stuff like HTTPD with ACME being available in a simple way after install I'd say OpenBSD is easier than FreeBSD.
FreeBSD to me feels a bit more like "it can be everything you want it to be". Ports and packages can be complicated if you just start out, compared to OpenBSDs "just use packages" stance. On OpenBSD things in my experience are more of a "it works or doesn't" and when it works often out of the box and/or with docs, while on FreeBSD it's more like it throws some tools into your direction you can build stuff (poudriere, jails, a build system with many options). So it's really cool if you want flexibility but a bit more like you have to figure out if it's possible and how. But that might simply be because of the use cases I used it for.
That said all of them are real general purpose systems, unlike eg. some Linux distributions. So it's not like "OpenBSD is for routers" even though it often seems like it. There are time when the GPU support is better on OpenBSD than FreeBSD's. But also FreeBSD has official NVIDIA drivers, so it's all not that clear cut.
I don't have much to disagree with there, only that any survey answer is the difference between complex things is going to be simplified. I'm thumb typing here and no one's paying me to write a book.
I will defend my "heaviness" argument, though. Sure, you can run OpenBSD on large hardware, but it's not going to be able to take advantage of it like FreeBSD can. Which makes sense if you think about it - FreeBSD optimizes for heavy workloads. Conversely, if you set up minimal installs, OpenBSD will be smaller. Again, that makes sense, since OpenBSD focuses on security over features (plus the only truly secure code is the code that doesn't exist). There's a lot of overlap in the middle, of course.
I wouldn't use OpenBSD for a NAS, and I wouldn't use FreeBSD for a diskless firewall. Not because they can't do those things - they just each have their strengths and weaknesses.
The "lightweight" nature of OpenBSD is a matter of perspective - if you are happy with OpenBSD's feature set, then it's a plus. On the other hand, FreeBSD has a lot of additional features, including ZFS, which may be of interest. The last I checked, FreeBSD was more performant in various benchmarks, particularly regarding multi-core performance.
FreeBSD has a bit more of a lax attitude historically to security[0] and seems to prefer being reasonably performant and "easy to use" (this is subjective, but they care about supporting packages outside of base very much, and bundle non-FreeBSD produced packages as part of their base).
OpenBSD on the other hand is perfectly happy to leave oodles of performance on the table for security. They were the first OS to completely drop Hyperthreading support for example, years before spectre/meltdown.
So with these things in mind, FreeBSD is a lot more performant.
FreeBSD has the same roots as OpenBSD but the former has a “compatibility” focus whereas the latter has the security focus.
Having a background in security, the choice was obvious for me. But each person/org should decide based on their needs.
Haven’t had any issues running it on all major hardware (Dell, HP, Lenovo, Apple, etc) the UI isn’t as pretty as macOS on Desktop, but it runs Firefox & Chrome, etc. so you can do everything you need.
If you have an older Lenovo or Mac lying around collecting dust, dive in!
There was FreeBSD and NetBSD. NetBSD supporting many platforms while FreeBSD supported just x86. There was some contention between NetBSD developers and Theo and crew left to create OpenBSD. They all more or less have common ancestry being derivatives of 386BSD.
Yeah, i knew there was some aspects of decendancy across the different BSDs.
And, I mentioned NetBSD for embedded stuff...but really, i *think* its that NetBsd is simply installed on tons of different hardware....so not only embedded....i kinda remembered that about NetBSD.
But, its the other BSDs - in particular FreeBSD vs OpenBSD - that i always forget the differences...but got it now. Thanks!
It can be customized just like linux where you can compile a custom kernel omitting unneeded features and then also ship a small userspace around it, and the core userspace tools are generally a little less feature rich than linux's already.
But it's not a matter of surface area that makes openbsd solid, it's the priorities while writing that affects how every little thing has been written over time.
You can write 10 different versions of a function that all work and are all nominally perfectly free of security gaps.
Yet they will all still be 10 different levels of robust. Some versions will fail as soon as some assumption is violated, and some make fewer assumptions and remain safe even when varying amounts and forms of "that can't happen" happens.
It's not just cosmic ray bit flips either, or a hacker trying to do power glitch attacks or rowhammer etc, stuff that makes the hardware violate it's promises. But stuff like a different developer updating something 15 years later who is not the original and does not realize every single facet of how it works and just how the current implimentation covers all possible edge cases, and so doesn't realize how their change opened up an edge case that was covered before. With fragile code, the new code simply has the new security gap until someone discovers it the hard way. With robust code, it's more likely to still be safe. The edge case maybe makes it fail to function, but not in a way that anyone can use productively.
Not that freebsd is exactly swiss cheese. These are all relative. I would and do rely on freebsd any day.
It's also superficial and wrong, and as bad as dividing people up by hair colour into blondes, brunettes, and redheads.
The way that the BSDs differentiate cannot be reduced in this way, not least because there is a lot of what Justin C. Sherrill (of the DragonFly Digest) calls 'cross-pollination' amongst the BSDs.
A case in point:
Superficially, and erroneously, one might observe that OpenBSD, NetBSD, and FreeBSD have nvi, and only DragonFlyBSD has nvi2. In fact there was a three-way fork of actual Bostic nvi, all of them making revisions and leaving the original behind, and then things got really complex with nvi2 taking from OpenBSD's nvi, and FreeBSD's nvi taking from nvi2; not even getting into the existence of nvi-m17n along the way and how there are nvis in base and nvis in ports. (https://news.ycombinator.com/item?id=48132452) One cannot divide the BSDs up into those that have nvi2 versus those that have nvi.
Yes, you're not at all wrong! However my goal is not to definitively 100% know the exact differences between the BSDs...i merely wanted to seek out a quick/easy starting point (the very high level diffs)...so that i can start *somewhere* and hopefully avoid my paralysis by analysis. :-)
It is a generalization of the essentials, and not wrong.
You know even though I said the execution is unlike linux, in fact, there are many many details that are just like linux! What a freaking ignorant liar eh? There's like 100 things like that you could say. No wait, no way it's exactly 100. There's obviously some other number like 105 or 612 things like that. So superficial and wrong!
OpenBSD does support some older hardware already not supported by, say, most Linux distributions. As an example MacPPC has’t had support from most Linux distributors since IBM Power went little-endian, but OpenBSD runs fine on it.
NetBSD is, however, the gold standard for an OS that runs on just about anything. Their (maybe unofficial) slogan has been “Of course it runs NetBSD!”. Their logo has a flag in it because they “plant their flag” on so many platforms.
100%. I put off learning/using OpenBSD for a decade until a breach at a client (we weren’t responsible for DevOps/SysAdmin) made me pick it up because I don’t have time to be a full-time Linux Sysadmin anymore. Just want the servers to run without having to think about them. Wish I’d done it sooner.
Lost at lot of time on Linux, Docker, K8s, etc. that I could have skipped completely with OpenBSD.
Our servers are an order of magnitude simpler now, just single services per VM and I sleep better. ;-)
> ...I don’t have time to be a full-time Linux Sysadmin anymore. Just want the servers to run without having to think about them...
Very salient comment there! And, while not the only reason for me, but what you noted is sort of one reason that's triggering the itch in me to go back to playing with the BSDs. Don't get me wrong, I still do love fiddling around with some areas of linux once in a while....but then, there are other uses/areas where i just want a server to do its thing, and for my maintenance to be a little less (at least less than some linux distros require). So maybe i'm not the only one? :-)
Yeah, time is finite and fleeting and the older I get the faster it seems to go!
As a teen I had infinite time to compile Linux and debug stuff. Now I just want to spend time with family/outdoors and not be stuck in a windowless room negotiating with a black box. ;-P
And, wow, do i miss the old X-window workstations...well, i should clarify that i LOVED those (I think they were Sparc?) workstations that ran Solaris or SunOS back in the day! Man, that takes me back some years...but i really loved those machines! :-)
OpenBSD supports sparc very well and is compatible with old sunos stuff (iirc). Unfortunately no 68k anymore (okay, technically there's a niche flavour of 68k that still is supported because of a very dedicated man in Japan)
Kenji Aoyama truly is aligned with the best of the hacker spirit. As for getting your hands on a luna88k, I have no clue. The only thing I managed to find was a broken one that sold for ~USD 750 at an online auction.
It's worth mentioning at this point that one can still get (Open)Solaris descendent operating systems: OmniOS, SmartOS, and Tribblix. The latter still has SPARC in its installation guide.
Another part of my nostalgia with those old workstations (besides the core OS) was the desktop environment, i think CDE or motif or something like that. Something about the look and feel of that DE i always thought was cool!
I've just setup a new ThinkPad with openbsd. You just need to put the firmware needed on a usb stick, mount it and run one command, fw_update -p ./ It wasn't hard.
I use OpenBSD among Hyperbola GNU/Linux, soon to be rebased from a deblobbed OpenBSD 7.0 hard fork. IT's dumb easy to setup too. Also, I daily use nvi, oksh, oed (a portable ed for GNU/Linux) among Xenocara and CWM, and this way the environment it's almost the same as OBSD but with a GNU/Linux kernel.
Yeah, I'm aware of FSFLA and Linux Libre, but Hurd is not ready yet and it's being worked on with LLM's (something really anti-GNU, as it's propietary SAAS).
I don't really see the LLM use as anti-GNU. It would be no different if the code was written in a proprietary IDE with fancy code completion. GNU doesn't restrict contributors to using exclusively free software for their contributions (if they did, they likely wouldn't have gotten very far considering how much work apple did on GCC). As long as the license is free and GPL compatible, it isn't inherently non-GNU (though, they'd encourage you not to use a SaSS for your own sake)
Now, is LLM code in the hurd a good thing? No, absolutely not. Ignoring the licensing limbo of LLM output that still isn't settled , LLMs make pretty bad code often enough that I wouldn't trust it to work on something as niche and relatively undocumented as the hurd.
A local LLM with GPL compatible input and with options to properly tag the source with a full backtracking of the code? Maybe, but that's not what's happening, but massive license laundering.
I want to use OpenSMTPD so badly, but it doesn't have proper support for authentication via LDAP (at least, as far as I can tell). It insists on reading plaintext passwords from the LDAP server, rather than BINDing as the user in question.
I use it on my personal laptop, essentially because I like how slim and simple it is.
Packaging is simple, kernel development and upgrade is simple, etc. Also the kernel code itself is written in a style I like, it's to the point, no useless abstractions, no fuss. I prefer it even amongst other BSDs I tried (netbsd and free*lbsd/dragonfly).
It just feels nice to be able to understand most of your system. It's not as fully featured as Linux, but there is a sense of understanding your system that is refreshing. A bit like if you're on vacation in a small and cute village where life is mundane and calming. At least that's how I feel with it. Mileage may vary.
A while ago I made some blog posts[1] diving into the source code of OpenBSD and FreeBSD (shameless self plug), but haven't had the time recently to write more.
Being able to understand the system, or at least being able to take a quick look when something doesn't work is very refreshing. Not to mention the outstanding man pages. Barely need to google things.
I used to run it on a laptop too, but the battery life was shorter and the laptop ran noticeably hotter than under Linux, so I eventually switched back.
That said, OpenBSD feels unusually coherent (ej. check wifi connection from terminal). The whole system has a level of consistency that's hard to find elsewhere, also between other BSDs.
I ran OpenBSD on my laptop 22 years ago. Back then, a full GUI environment with terminal, web browser, editor: 28MiB of memory for the whole operating system and user environment!
About 10 years ago we moved offices, and I was over checking out the new internet circuit and cabling in the office. The circuit was up, and I hadn't brought anything with me to connect to the network, but we had already moved some boxes of old stuff over.
I found a 10+ year old Dell Pentium III laptop in one of the boxes, installed OpenBSD to do some simple connectivity testing, and ended up with a full workstation install and using it for network monitoring and some other random stuff. It stayed in the network/server closet until we moved out of that building just a few years ago.
> there is a sense of understanding your system that is refreshing
That's why I used to run Slackware, and then foud Alpine to be the best - much better than Void or Arch IMO. Works well as a very minimal system, and I know everything very well because of it. It's an ideal approach IMO, the best of both worlds.
I run it. Home firewall, office desktops and laptops. It's pretty stable and I'm fairly familiar with it. Really simple if you know Unix. I hope it never goes away, not sure what I would replace it with. Linux is so complicated now, it's just too much for me to deal with
If OpenBSD dies (somehow, at this point so many things are maintained there (OpenSSH, LibreSSL, PF, Tmux, sudo kinda) that it'll always exist to a degree) one of the other BSDs will suffice. FreeBSD is bloaty but for the most part works fine enough
Not GP, but I mostly use: Firefox; Emacs; MPV; Keepass; calibre; xfe; mupdf;... Then a bunch of cli tools. There's a lot in base, so cli are mostly extra utilities like cmus, git, tig, ncdu,...
I would imagine that a lot of people who use OpenBSD on their laptops/desktops run a lean installation with one of the window managers in base (an ancient fvwm version, cwm which I find very nice and twm).
You can however have a full-fat desktop environment with xfce4 or gnome and applications like libreoffice, gimp, inkscape, audacity and so on if you wish. I've never tried KDE on top of OpenBSD base but I gather packages are in ports.
I think it is fair to say that the amd64 arch has good support. The i386 platform arch is on a 'best effort' basis these days which is understandable. I've never looked at the others.
SPARC is well supported (mostly because it's very good at finding bugs that wouldn't be big problems anywhere else despite not being 'correct') and big endian PowerPC (both 323 and 64) is fine, though hardware can be tricky since apple products tend to be so integrated that you can't really, say, replace a GPU because the support is poor
My wife and I are building a wedding rentals company. I'm responsible for the digital part and building a Ruby on Rails app deployed to OpenBSD. The entire thing runs on a cheap Supermirco U1 server in a rack at our home. :-)
I use it for my home router, a small home server, a personal VPS at https://openbsd.amsterdam and a development VM (mostly for testing BSD backends on portable software).
I wish I had an OpenBSD development laptop, but I don't have one right now.
open-bsd will always feel like a safe pick for anything in regard to vault or key holding ; it's not appropriate to run anything CPU intensive - but it's a very appropriate system for anything that just need to boot up and hold some data ; eventually expose a network interface.
Authoritative DNS (nsd) and email (opensmtpd) runs out of the box with minimal config on very low ram kvms. The documentation is fantastic, installation is easy; sysupgrade has been a big improvement, though I wish they'd slow the release cycle a little
I use it for home router, my laptop, several vms for various services, and on one vps I keep around should I need to quickly set something up. I keep a proxmox server for anything I can’t or won’t run on OpenBSD.
Been running it as my home router since 2.3.
I had it on a server for a very short time when I used hardware RAID but I replaced that quickly with FreeBSD for ZFS once I could afford to replace that old Dell.
I ran it on my personal laptop for several years when I had one, but having a work laptop for these past decades I don't have much use for a personal laptop. I would probably run it again on a nice portable when I retire. It would be nice to focus on being creative on such a machine. Coding and drawing mostly. I will continue to use Linux in my recording studio though.
I've been running OpenBSD on my main laptop for about a decade, as well as on routers. It has the most consistent and well-designed interfaces of any modern *nix other than arguably macOS.
It is, by far, my first choice for a router/firewall. It has so many niceties for this, all well integrated OOTB, and you can deploy something top notch in no time at all.
I use it for my mailserver (thank you openbsd.amsterdam), for the gateway in my homelab, a dedicated OpenBSD VMD machine in my homelab, and on personal machines (Macbook Air M2, a Thinkpad X220 and on a T480 that dualboots OpenBSD/FreeBSD).
For mailserver I think it is the best option. And for Gateway, PF is just wonderful.
But even on my laptops I enjoy it. It is rock solid, and I have pretty much no complaints.
Not really, but OpenBSD has been in my life for 25 years.
I used OpenBSD to create the firewalls for our LAN parties when I was at school.
The first shellserver I ran, on an UltraSparc IIi was OpenBSD, gave out accounts to my friends.
And then I used it as a firewall, both professionally and personally, for many years. Until the first Turris Omnia was released, and now I have retired even Turris for pfSense, which is FreeBSD I believe.
But the PF firewall in OpenBSD was superior, definitely to the syntax of IPtables.
To me Linux was a great server OS, and OpenBSD was a great FW/Gateway OS.
My home router, firewall and VPN gateway is an OpenBSD box, Intel N100 with quad 2.5G Ethernet. To be frank, Linux has better support for fighting bufferbloat with FC-CoDel, but pf is so much saner than Linux firewalls it's not even close.
WiFi is handled separately by a Ubiquiti UniFi system, but I don't trust Ubiquiti not to exfiltrate data after their underhanded attempt to turn telemetry on a few years ago. OpenBSD WiFI is somewhat mediocre, but it has improved in this release with experimental support for WiFi 6 after years of being stuck at 802.11n.
The closest you will get to the OpenBSD experience on Linux is with Alpine Linux.
>so much saner than Linux firewalls it's not even close.
This is a big one for me. I've run openBSD and Linux custom boxes as SoHo routers and I just cannot stand Linux firewalls, I've never liked them and IPTables is just terrible. Yes I know there are wrappers around it now but it's still the default everywhere and still used by lots of other software like Docker. I'm using OPNSense now which is FreeBSD based instead of completely rolling my own but I love that it is still BSD under the hood.
One differing opinion I will offer is that I find NixOS to be the Linux distro most in the openBSD spirit despite it being very different from a UX and config management perspective. Alpine is interesting, but it has its own security and compatibility issues, especially around MUSL libc which I have had cause many strange downstream issues over the years, I just hit one recently in JVM GC caused by its memory allocation implementation. I've stopped using alpine altogether because of them.
Work: I need a simple easy to use system that I can configure to meet third party compliance requirements without jumping through hoops. It really excels when you can mostly use the base system there, maybe couple services. For example it's so nice to just have a couple pledge/unveil lines for example in a Go service.
Also super nice for "set and forget" style stuff. For example "I just need a HTTPS server with acme and SFTP". That's something you get out of the box with no third party packages (so everything vetted, pledge/unveil for everything, maintenance just running syspatch and sysupgrade), which is really nice.
Personal: Private mail server, family website, a quick and dirty "watching streams together" service I set up to watch stuff with people not in the same place as I am. prosody to have XMPP for friends and family.
I would NOT use it for "people throw stuff at you" use cases (Linux and FreeBSD do a far better job there). But I absolutely love it for scenarios where you want very very low maintenance. For example that private email server. I don't have time to do big upgrade plans, or "hardening" systems or reinventing the wheel. I cannot afford to do privately what I do in a day job or consulting (setting up or maintaining really rather complicated infrastructure).
I have done that many years with Debian, but the Linux world sadly is a big complex and complicated mess. That's great, when I get paid to deal with it, but annoying otherwise.
And I don't mean that bashing wise. I use Linux, I like Linux, but somehow there is a huge drive to overengineering and then building hacks and weird workarounds that become normalized until it's a proper job. Without wanting to start a flame war, but the whole Docker, Containers, Kubernetes, Helm, Orchestrators, etc. story is a lot of reinventing the wheel and a static executable like a Go service in a container, so essentially coming with a whole Linux distribution even though one never thinks about it that way is just really absurd. That's what executables, processes, etc. were invented for.
And since I've lived through the story and as mentioned make a limit, I understand how that came to be, but it feels like the industry took a wrong turn because it was cool and exciting and then (nearly) everyone decided to use that hammer for everything one could imagine to be a nail. And then the next layer came and the next and the next. But all of them doing things differently. And suddenly to have a Postgres cluster you need Kubernetes, and Helm, but also need to know both PG config and the orchestrator's config, etc.
It's a mess and the OpenBSD people somehow knew that decades before I did.
I’ve been using it on an old PC Engines router (great hardware, by the way! I wish they were still around.)
It ran for over 8 years without downtime, but I’ve had repeated problems in the last year or so.
I used the default partitioning scheme, which makes /usr tiny, and /var huge, and since it is a router, did not install X11.
At some point, they made x11 mandatory for auto updates. This is dumb, because all the upgrade tool is doing is untarring a list of tarballs. So, I had to perform partition surgery from the upgrade ramdisk to make room for X11.
Now, they made some ASLR relinking scheme mandatory, which makes sense, except the relink directory is 1.5GB (larger than the entire rest of the distribution, and far larger than the parts I voluntarily installed!).
For some reason the relink output files go in /usr, which, by default, won’t hold it at upgrade. It really belongs in /var, because it is not immutable, and also, there’s room there! So, I had to repartition the router from a rescue environment again.
They also removed the ability for ntp to sync on machines without cmos clocks, and the alternate config options don’t seem to work. That’s a bit more niche, granted, but my router hw is reasonably common for openbsd use and has that property. You can make it work by using a second utility to force clock sync at boot.
I like that they keep things simple, but they also recently pulled out any semblance of power loss safety for their file system. I’ve had to serial console in a few times to run fsck, which isn’t really the behavior I want from the home router!
They don’t have any way to setup DDNS in the base install, so you have to use a port or pkg. The port I chose was EOL’ed by upstream (ISC), so I’ll probably need to switch to dnsmasq as a dhcp server / dns server, which is fine, but those services are a significant fraction of the attack surface of my router. DDNS seems like a pretty simple thing to implement, and would be really high value for router use cases. Without it, I’d have to assign static addresses to everything on the LAN, then edit DNS records.
I think all this stuff is fixable, but wish they’d take the niche of “rock solid secure infrastructure” a bit more seriously. This used to be a nice “set and forget” weekend project but now it requires attention every few release cycles.
7.8 barely managed to fit in my duct tape and bailing wire partition layout. I’m probably going to switch to freebsd on a box with faster NICs when I finally get a > 1GBit internet connection (hopefully in the next year or so).
If I upgrade to 7.9, I’ll have to give up on using the openbsd hypervisor, since, with the partition scheme that the installer chose, there will no longer be a partition large enough to hold the download sets and also the vm image.
This is particularly frustrating because the boot drive is under 50% full. I’d just do “one big partition”, but they warn against that for good reason - it complicates manual fs repair at boot.
Anyway, I really like the project. It would be nice if they did a “fix common papercuts” release, since I doubt many users are as patient as I am.
If you are looking to install it, either use fewer partitions, or way over provision storage (I was 10x over provisioned at install, and the stuff I use hasn’t grown more than 10-20%) and also make sure you choose much larger partition sizes than recommended. This will add under $100 to your hardware cost, even with the storage shortages.
Backup, do a fresh install with new partitions, restore. You have to do this every once in a while especially if your partition sizing is from nearly a decade ago.
My one complaint about OpenBSD would probably be lack of resizable partitions. You can expand them, but only if you have free contiguous space and most of the time one partition starts where the prior one ends. It's rarely a problem in practice, as only /home and /var and maybe /usr/local tend to be subject to any guesswork, but it can bite you from time to time as in your case.
I've already done this twice for this box. Its disk is half empty, and the used space is 75% compounding useless bloat:
- 50% of the used space are package sets I never asked for.
- The stuff I did ask for is somehow 2x larger than it needs to be, since they don't randomize binaries in place.
- If they'd actually follow their own filesystem hierarchy standards, and stop using /usr as a build target (very bad things will happen if a crash happens in the middle of that! Why are we making lots of small separate partitions again?!?) then I could just make /var big. Then I would not have to repartition yet again after they introduce /lib/lolz/3gib or whatever in 2027.
Alternatively, if they had a journalling filesystem or still supported soft updates, then I could have one big partition, which would solve it once and for all.
Anyway, I'd argue "take the lan offline, backup the router, repartition and restore" isn't a planned reasonable maintenance task for a router. The fact that its so obviously easily avoidable is really frustrating.
Alternatively, if they just had a "which sets to install?" config option for auto-update (like they do for the OS installer!) then I wouldn't have to do this.
Yeah it sucks when partitions that were sized 8-10 years ago are no longer adequate. I've hit the "/usr is too small to complete an upgrade" trap myself. When that happened I rejected the installer's partition suggestions and made /usr substantially larger (this is also necessary if you're going to be building large ports, which also happens under /usr).
So far that has worked for me.
Some people would also argue that using an 8 year old device as a critical path in your LAN is a risk in itself. Taking routers down to do upgrades is pretty common in the enterprise IT world.
It’s not just the partition sizing though. The lack of DDNS and clock re-sync are really painful.
Similarly, if fsck -y is frequently required, maybe just run that way all the time instead of failing to boot, or fix the root problem. I doubt many sers are taking block level backups for forensic repair in case they need to hand assemble inodes.
Anyway, I wish them well. I want a simple, correct and rock solid OS for this sort of use case. The three pillars of computer security are confidentiality, integrity and availability. Hopefully they’ll focus a bit more on the latter two things than they have recently.
I needed to create a backdoor network-level KVM contraption to help my dad relocate some servers. tl;dr an office was closing down, he pulled the rack and stood it up in his basement. I mailed him a unifi edgerouter 4 that was reflashed to run openbsd. On boot it would create a vpn tunnel to a vps and basically expose a public WAN port to the rack. So it was in my dads garage on his Fios internet, but from a networking perspective it thought that it was in a Linode datacenter.
The ER4 has 3 ports: 1 was for the uplink, one exposed the WAN connection to the rack, and then the 3rd port became a client inside of the network. I could shell into it from home (he's on the other side of the country) and operate from the residential network and also the server network simultaneously. Worked well enough for a few weeks to keep access around until we could engineer a better solution.
Configuring OpenBSD was really quite simple and rewarding. No insane linux network stack / netplan / cloud-init / bs ... just a few conf files.
Thanks was a good watch. Sad though the example of the AI app to “help farmers” that is making things up. I would expect a generational cassava farmer to have a much better sense of how to treat the plants than an image model.
This mirrors my experience at Stevens. The professor would not babysit us during exams and that really did inspire pride. Also the exams were often brutally hard which inspired despair.
I thought similarly, until I actually tried using AI to shop for clothes, now I’m a total convert. It’s like the best possible men’s fashion concierge…
The pressure to turn on the money faucet is very real, and as soon as they do, the AI shopping experiences are going to just mean “run an auction and steer the user to the highest bidder”. Like how Amazon, google, etc all have been doing it for ages. It’s way too profitable for them to ignore.
As long as the trillion-dollar machine can continue to provide useful male fashion advice, then I don't really care if there's a bidding war over my attention going on behind the scenes.
That seems like a poor forecast. I've been buying things from Amazon since they really were just a book store, and for this entire time it has seemed like their search has been Not Good.
For instance: I have a small, old cast iron pan that I use to cook eggs. I wanted to buy a very small spatula (or turner, depending on vernacular) to use with it. But the harder I worked to integrate the concept of "small" into the search box, the bigger the spatulas were in the Amazon search results.
It was like being in opposite-land. I ultimately gave up and bought nothing.
But sure: It's absolutely possible that the fashion-oriented utility of a connected LLM will degraded from wherever it is today, and become every bit as terrible as the Amazon search box has always been.
I hope that it doesn't happen, but it certainly can happen.
The main limitation we’ve had to agentic coding is an understanding of this system that spans processes running on different machines and architectures.
reply