I Started Using OpenBSD
ฝัง
- เผยแพร่เมื่อ 6 ก.ย. 2024
- In this video I talk about why I'm starting to favor OpenBSD over Linux for Web servers.
₿💰💵💲Help Support the Channel by Donating Crypto💲💵💰₿
Monero
45F2bNHVcRzXVBsvZ5giyvKGAgm6LFhMsjUUVPTEtdgJJ5SNyxzSNUmFSBR5qCCWLpjiUjYMkmZoX9b3cChNjvxR7kvh436
Bitcoin
3MMKHXPQrGHEsmdHaAGD59FWhKFGeUsAxV
Ethereum
0xeA4DA3F9BAb091Eb86921CA6E41712438f4E5079
Litecoin
MBfrxLJMuw26hbVi2MjCVDFkkExz8rYvUF
Dash
Xh9PXPEy5RoLJgFDGYCDjrbXdjshMaYerz
Zcash
t1aWtU5SBpxuUWBSwDKy4gTkT2T1ZwtFvrr
Chainlink
0x0f7f21D267d2C9dbae17fd8c20012eFEA3678F14
Bitcoin Cash
qz2st00dtu9e79zrq5wshsgaxsjw299n7c69th8ryp
Etherum Classic
0xeA641e59913960f578ad39A6B4d02051A5556BfC
USD Coin
0x0B045f743A693b225630862a3464B52fefE79FdB
Subscribe to my TH-cam channel goo.gl/9U10Wz
and be sure to click that notification bell so you know when new videos are released.
and that's the power of peer pressuring
👍
@@N.S.A. damn xD
Like that one time therussianbadger bullied the payday 2 developers into adding a comically large spoon into the game..............
Less code overall = less buggy code to exploit.
it's all fun and games until the code is so compiled you can't read it
@@Ozzymand being minimalist with your code shouldn't mean minimizing some arbitrary line count, packing things into compact one-liners.
BSD will simply not have all the features you'd expect in Linux, but when you don't need all those features, that's a good thing.
Yep, same reason WireGuard is more secure, faster, etc. than OpenVPN
Good software engineering practices is the key not the size
@@glumfish6862 Yes but the size is also a factor, the bigger the size usually would imply more lines which leads to more chances of mistakes and more lines to look over and maintain, etc. So i'd say it's good to try to keep the size of your project low and make good code (it only benefits the developer/programmer to keep their projects small tbh)
Wolfgang: buy a macbook and surrender to proprietary software AND hardware.
Based Mentaw Outlaw: Goes full mental and installs OpenBSD.
It was all over when he made that video defending GNOME.
@@Pocket-Calculator oof
He use Macos as a daily driver. Video editing is still dogshit on linux, so i don't mind that.
@@Sharp931 true. Sometimes the linux echochamber forgets that they're still pretty much a niche system for coders
@@rishabruh this is me. I have a 2015 MacBook Pro for proctoring software. It also dual boots NetBSD and NetBSD pretty much supports all the hardware on it I care for
I'm a Linux noob (and curious about BSD's), and it seems we never really outgrow the need to run neofetch as soon as we install a new OS.
It's a tenet, ritual and a mating_call(3).
Once upon a time, it was screenfetch.
Have you watched eva 30+10
@@mahirdeth I haven't watched a single rebuild. I get tempted to untIl I remember Mari is a character. I've read Steel Ball Run, though.
ikari?
TempleOS has not a single network-related CVE. Where's your god now, atheists?
templeOS can connect to the internet?
@@teacon7 NO THAT'S THE JOKE
Ah yes… the religion of non-believers. Love atheists. They think they’re smart and I find it adorable ☺️
Temple os can connect to God through the cloud network
@@AnjewTate Well now that you mentioned it, atheists on average have higher IQ based on the study. There really is nothing in atheism that makes you smarter. It is just that smart people are less likely to believe childish stories. I mean talking snakes and humans being formed when you just breath into dust. No need to be an Einstein.
I only want to know how OpenBSD protects you against the glowboys
better security defaults than pretty much any linux distro, but then again im using it on a VPS which glow boys could easily compromise at the hardware level
@@MentalOutlaw how, so?
i would imagine the hosting provider would have some sort of backdoor
Its a complete system made by 1 team with fewer CVE's and typically considered to have a cleaner codebase. No bluetooth support or other "bloat" that creates security issues.
@@ibnal-sindhi5628 any vps can be imaged without your knowledge by the provider, both RAM and disk. In the good old colo days you’d at least have a heads up when your box got physically seized.
Contrarian Counterargument: OpenBSD has so few discovered vulnerabilities simply because much fewer people care about it and statistically less vulnerabilities are going to be discovered/reported.
If there is no one to see tree falling, does it really fall?
the linux kernel is a honeypot for bsd chads
That is in effect one of the arguments I use for installing any Linux distro to my close relatives' and friends' PCs.
You may not like it, but security by obscurity works
suspicious people will use OpenBSD so the FBI will have interest in it. And they did. That's how one of the 2 vulns ever were discovered
Okay, if you try OpenBSD I'm gonna try Gentoo.
Bartering with youtuber linux man
Loool
Have fun compiling
@@ZitronenChan I don't see an issue there. I have multiple boxes, so I picked the strongest to try it on while I keep watching pron on the other.
yall need Guix in your life
Default Runescape Character a few hours later: "I installed OpenBSD. (Nothing serious)"
Nice timing lol
For a while I thought I opened my terminal then just realized it's your video.
Gentoo, same CPU and GPU
/g/'s influence scares me.
OpenBSD as a daily driver is rocking. Have been using it as my primary (and mostly sole) OS for the past 15 years.
SecBSD ;)
Lol are you a dev of SecBSD ??
Nice. I’ve just started using FreeBSD. I want to do that eventually.
BSD manpages are higher quality in my opinion, even just the addition of more examples is super helpful
You dont have tons of distros so it has that. The only bad thing is that is run hot on my 2005 or 6 Acer laptop back in the day.
I use OpenBSD since 2015 on servers and virtual machines, and on my main desktop machine for about two years now. I love it.
I also have virtual machines on it (OpenBSD and Alpine).
While I have a few complaints, the simplicity of the system is so great I just don't ever want to switch to Linux again.
I still use Linux, but I don't ever want to configure anything serious on it.
On OpenBSD, software configuration is kind of unified, that's just great.
>On OpenBSD, software configuration is kind of unified, that's just great.
What do you mean by that? I'm interested in trying BSD's as well. And if you like to talk about operating systems, do not hesitate to write a wall of text and tell me your experiences and ideas. :^)
@@cultist7931 I meant that a lot of services share the same configuration syntax. A syntax that is probably the most human readable format I can think of (and not these JSON/XML/YAML garbage).
I've a ton of things to say about my experience, but just to give a quick rationale: I use OpenBSD because it's reliable, upgrades are a bless, the whole system is coherent, configuration syntax is near perfect, few changes over the years (no need to change tools when the ones you have work), developers focus on what truly matters (security and usability). The whole system is simple, you can really understand it (and documentation is a bless)... that's a lot of good points, way more than any other OS I encountered in my 17 years of computing experiences.
I could probably go on and on. I stop here. But I will definitively talk about it someday on my channel. I have to.
well, last time I was this early we were tasting salts
this is a real one
i sniff them
Security is not about the OS, but about practices. You need ever to ensure that the damage you will suffer will not be critical, and the more secure you feel, the worse It gets. I am such a believer in the thought that I have not been hacked yet because no one is interested to
That's somewhat true, however you must admit that it is *wayyy* easier to get a virus on Windows than on Linux. Windows really even needs an antivirus and Linux does not.
“Neofetch”
“Change my mind”
This is why I love this channel
Good Luke Smith impression, almost thought you sound clipped him shouting "CRINGE!"
Well this *is* his deepfake channel
@@tanmay______ haha, good point
You point out the amount of CVEs that Linux gets but all of these recent ones are local and are patched at most a month after public discovery, on the page from OpenBSD these patches can take up to a year even if they're high risk remote access CVEs it's like having a LTS kernel but you not only don't get feature updates but you don't even get security fixes. it reminds me of the way windows shills will brag that windows has less CVEs discovered than Debian but does Microsoft patch their security flaws as harshly as the Linux foundation and it's contributors do? not to mention the Linux kernel is open and has many eyes on it, that harsh scrutiny is more of a boon than a flaw.
I definitely enjoy the fact that OpenBSD exists and the ability to have a OS that isn't so connected to corporations, saner default security and better networking (so i've heard i have no clue). Linux shouldn't be the only show in town.
Yes
Wait what?!? Didnt openBSD used "only 3 exploits found in a base install in the last 10 years" as an slogan or something like that?
I must respectfully disagree. The OpenBSD team keeps the code in base small enough that it can actually be audited, and have many times realized certain exploits that are discovered elsewhere have already been patched on OpenBSD with normal bug fixes. They have created a crap ton of the mitigations others have begun to use, and they do not wait up to a year to patch things. Can you cite what you’re referring to?
I really appreciate that that are willing to rip out unmaintained code or replace monstrosities like sudo with something simpler like doas for what 99% of the time sudo is used for-simple privilege elevation. Sudo is still available if someone needs it.
@@nichijoufan “Only two remote holes in the default install, in a heck of a long time!”
@@mbwtt1 I see
we did it
how r u here
Wait, Yeshremy? How do you have so little comments and likes? I didn't know you were good at technology! Do you use GNU/Linux? Do you use OpenBSD? Do you use Windows?
OpenBSD was only special before virtualization because they audited everything for exploitable memory corruption as a priority over feature roll-out. Now days stuff like Qubes OS is what OpenBSD use to be. Qubes is audited all the way down to micro-code interfaces and would take massive ROP chains on top of social engineering to compromise do to virtualization with modern compiler stack and heap mitigations.
Some of my NetBSD PCI stuff made it in to OpenBSD around 2004.
What if you could use OpenBSD in as System like Qubes ? 🤯🤯🤯
Welcome to the hug-zone fren
OpenBSD is my favorite OS to do edge routing and firewalling, it's super easy to use/do on this OS.
Oh uwu
... And the only realistic use cases for this OS
Kenny with the 4th gen intel chip and gtx 970. I respect it
What you are referring to as BSD is actually Based Linux
Lol
@Toy cuck license
@@zvezdan956 but it is a better tool.
@@MemeScreen just dont support them. using BSD license is unethical.
I was a big BSD fan in the 90s. It was much easier to get up and going for me than slackware at the time because of its ports system.
We live in a society where a PowerBook G3 with OpenBSD is more secure than essentially any computer made since about 2013, 2007 on the Intel side of things.
Intel ME and AMD PSP intensifies
Debian remains one of the last "hassle-free" linux distros and I really hope they drop SystemD like they were considering... It's becoming surprisingly difficult to find a linux distro that isn't broken in one way or another, Wifi stops working out of nowhere, Xfce panels have memory leaks in them (1.5 GB RAM for the panel, yikes) etc etc etc Even simple things like a Calculator, linux distros are shipping with a calculator that is so barebones it doesn't even have history anymore (you can't see the previous calculations you did, have to memorize everything) Regression regression devolving
Do you have a source for them considering the dropping of systemd?
I'm.definitely really looking at jumping ship to the BSD world soon myself. I already use Mac OS X on most of my machines and Linux on the others (proud to say the only Windoze box I own is a Pentium II I keep around for pissing around in Windoze 98 Oopsie Edition), so I'm halfway there already...
I think you'll find FreeBSD (and its derivative GhostBSD) as a good desktop daily driver.
Also, one of the best things about BSD over Linux is the documentation.
ya FreeBSD has Linux compatibility
@@starnice5559 just like linux has windows compatibility. works just as well lol
@@danielwanner281 i never used freebsd on main system
The documentation is so good that you won't find many books on the BSDs
To me the best thing is that it is not under the GPL. It free and more business friendly!
Linux to OpenBSD is like when Americans threaten to move to Canada
OpenBSD was never intended (and it’s core focus never will be) for Desktop use.
Sure, you -can- run it as a desktop, but it lends itself to server/adjacent computing. A really fantastic firewall, and a great web server.
It’s not that it can’t (I mean, people showcase that all the time), but the already small community has a tiny portion of that interested in using OpenBSD as a Desktop.
Reject any technology, return to punch hole cards.
Return back to Babbage's Machine
Punch holes still have a backdoor.
Just a guess.
Return back to the abacus..
About Linux kernel, you can opt out what you don't need while configuring kernel fit for you.. so not bloated. Its up to configuration while building it. But i understand as how Apple and Sony for Playstation 3 and 4 uses NetBSD and FreeBSD as they not then forced share their code as well is big bonus. But as all says.. security through obscurity is not always the solution in the end but good road block as for starters.
My heart beats for NetBSD, but I use Gentoo on the Desktop, Arch on most VPSes and the KVM home server host and the old Thinkpad, and OpenBSD on my router (pcengines board), for me that's what crystallized out as the best OS for the job.
Noted
NetBSD is really neat from just the perspective that it uses a microkernel, I really want to try it on one of my Macs (probably the 800DP Quicksilver) to give it a spin.
I know a few people that use OpenBSD as a daily driver. Depending on what software you want, like you said, it may or may not handle it well.
Given the choice, I will use OpenBSD as a server/firewall 100% of the time. I don't have that choice as often as I'd like though.
Hey Mental Outlaw! Could you do a followup about your experience with OpenBSD? Love your YT content. Keep it up! 🐧
had a great time with OpenBSD. The books by Michael Lucas were really helpful getting started.
when it comes to web servers,the attackers will rarely focus on your OS, they will focus on the buggy web dev layer like apache, nginx, php, python, ruby, perl & Javascript. So OpenBSD can do little to protect you from these higher layer surface.
and depending on what type of web services you are going to use and what is the scale & where you are going to host it. For web scale most companies focus on using containerized solutions with docker and kubernetes. So Linux that is.
The main problem that these devs face all day isn’t the script kiddy, it is Continuous Delivering and code deployment and making sure everything is deplorable correctly so there isn’t a downtime. So the security of OpenBSD isn’t appealing.
Netflix uses FreeBSD for the stability, they care about security and they keep their custom FBSD as secure as they can but, once again stability & deployment are higher in priorities.
And with the use of virtualization and hypervisors, there are even more secure alternatives than OpenBSD because they have an even smaller surface of attack because they are not OSs, I’m talking about the programming language virtual machines that run on top of the hypervisor without an OS.
Libressl is a fork of openssl created after (and because of) heartbleed. When heartbleed was disclosed (and fixed) the bsds were all using openssl.
Yeah, stopped watching after he said it wasn't affected cuz they used libressl. LOL, how hard can it be to verify the info before u record a video? That's a rhetorical question.
@@h.i.1359 There was a LOT of information in this video, I don't blame him for getting one tbh irrelevant thing wrong, or rather, a simple anachronism.
He is one step closer to mac os. *BSD only exists for corporations to make proprietary software without copyleft.
Every console ever loves this OS
That's not true. Darwin doesn't even use the FreeBSD kernel anyway.
@Terminalforlife (LL) They never used the FreeBSD kernel. They use the FreeBSD userland. Basically the equivalent of the core utils for Linux. They use a modified version of the Mach kerenl. Which is a micro kernel that was developed at CMU. However in Mac OS it's modified so that less things run in user space (basically it's structured or was structured as a micro kernel but their using it like a monolithic kernel.)
Okay so I just looked it up and according to Wikipedia it did originally contain a lot of the BSD 4.3 kernel. But that was running on top of Mach. So I guess it was basically running a paravirtualized version of the BSD 4.3 kernel (or supervisor or OS if you will ;) ) on top of Mach. Anyway the kernel of MacOS is apparently called XNU. But even though I was wrong about it not really using any or much BSD code in the kernel (I was just going from memory) the core of the system is based on Mach and also according to that Wikipedia article it had most of the BSD 4.3 kernel which isn't FreeBSD, it's just BSD.
samzx81 I heard it uses FBSD's networking stack though.
haha, the luke impression reminded me of a scene out of fighclub :DDD
Tbh I'm not too worried about the privacy aspect of intel me, But what I dislike about it is that it's been the cause of numerous exploits, so running it is like running sudo instead of doas.
Terry Davis is laughing at us right now
God’s third Temple
openbsd is a very clean operating system to use. the documentation is excellent too
the meme is complete, we may all live in peace now...
Haiku OS and programming in Rust will be the next step.
the linux of linux
You can quite easily remove the Intel ME with mecleaner and a raspberry pi, a breadboard and some cables!
Nop
@Game Over I believe the code is contained inside the bios chip, and is quite easy to access, if you have the correct tools. This 10 minute video goes through all.the steps: th-cam.com/video/aRUxfxp9dJ8/w-d-xo.html
Sure, if you want to brick your processor. ME is required to boot nowadays, the best you can do is shrink it slightly.
bro LibreSSL "never suffered" from Heartbleed because the project started AFTER the discovery of the Heartbleed bug
Bryan Lunduke was absolutely right. And 10 years from now, you'll be using openbsd, mimicking linux in the 2000s.
Steamdeck goes brrrr
Pretty sure libressl was created/forked as a reaction to heartbleed.
right before heartbleed. People were looking at the code and vomiting, so they said, 'let's fork it'
A "smart security" system ad just played at the end of this video for me. The glowies are trying to get the based audience. May God have mercy on our souls.
Yes
The only reason to one of the BSDs: you want to become familiar with it in order to exploit a server using the same version.
But how many important servers run a modern BSD?
BSD is a meme
The only real reason to BSD is to impress hacker loli girlfriend,
Ergo Cum Sum Laude you is a pedo. It is written.
all your base are belong to us gg
I know this feeling, bro. Using OpenBSD after about 10 years of Gentoo.
Ah yes Like Smith repost
Makes sense, I’ll have to start looking into openbsd for running my home services when I spin up the home server again.
missed opportunity to put OpenBaSeD in the thumbnail
Any chance at discussing Gemini servers and Bi-Hosting Gemini and HTML content?
Or possibly mailing list etiquette for those starting out on the world of mailing lists (tag useage, end of mail signatures, even how to sort inbound messages so you don't feel like your'e getting spammed if you're in an active mailing list but want to use a dedicated client rather than some sort of web frontend, etc)
Congrats on 100k on the youtoobs!
Louis Rossman is a genius.
OpenBSD's man pages are a thing of wonder. They tell you EVERYTHING in detail.
Gnu version of them also like that but they dent to send the details down
as far as i remember , BSD system dont use monolith kernel approach, they use mikro kernel which as Andrew Tannenbaum say pretty superb
I think they are still monolithic
@@riley3269 interesting , did they change architecture at some point?
I think you confused it with minix.
@@orlovskyconsultinggbr2849 Yes I believe you are thinking of minix
@@riley3269 definitely Minix, i am not sure how i got there about FreeBSD, clear sign that i getting older and forgetting stuff, about OS ;) For me OS it just a necessary layer to run Java and C# apps. I never considered to study deeply Operating Systems, but i did one time tried to read the Minix Tanenbaum book
I have 2 librebooted thinkpad when I want to shitpost on forums (paid in crypto from mixer waller) running Trisquel but might switch to OPENBSD, cause my tinfoil hat is not big enough.
7:36 steam works on FreeBSD, on OpenBSD you can use fnaify
0:58 Indeed. Super _nice,_ even.
I appreciate both Linux and BSD variants. Both have their place in the tech world, and both are better than any OS Microsoft or Apple can make.
Well, if we are to be technical, without BSDs (I think FreeBSD specifically, I might be wrong tho), macOS wouldn't exist so at least that's something
Ștefan Alecu You are correct.
You're in the final form now. You know the universe and the existence. Good luck
Searching for hidden spy chips just for the LARP lmao
ngl now that I think about it, i get it
Whats LARP
if you're gonna go full skitzo, the only move is to burn your PC
Out of context but I just now realized the cat has for eyes, I have been watching the channel for a few months now and have always thought it was had only 2
Nomad BSD is a decent desktop version. Spin it up as a virtual machine check it out
Heartbleed was a problem on OpenBSD though. LibreSSL was forked from openssl by OpenBSD devs in response to heartbleed. It didn’t exist yet when heartbleed was disclosed.
if i may ask, does 8:56 describe you or are you on your way there? Or nah.
Sad you didn't touch on any of the great security features in any kind of depth. I am a linux purist through and through but after a lengthy lecture by my senpai I am ready to concede to the incredible security model of BSD. Will I ever use it? Doubtful. Is it definitely better in an absolute and unquestionable way at being secure? Definitely.
It would be nice if Linux would get the pledge system.
reminder kenny bragged about making a club exclusively for tall people just to brag that he was 6'4 and luke sneak dissed him saying he'd form a club for only Americans because he was white
i will be going down this rabbit hole
@MentalOutlaw -- When you say you're not going to use OpenBSD as a "driver" what do you mean? Going on 30-35 years ago, I wrote device drivers for Unix, both System V and BSD. In my experience a "driver" is a unit of software that an application uses to access a device listed in /dev, and supports the system calls open(), close(), read(), write(), and ioctl() (pronounced I/O Control).
By the way, a hack known as a command line injection attack brought down many a login routine, in the M$ Web Server and M$ SQL Server running on Windows NT in the "golden years" of hacking.
You're right. OpenBSD is probably your best choice for running publicly accessible servers.
Both have encrypted disks, so both are fine for desktop/laptop security.
Linux has way more vulnerabilities compared to OpenBSD because developers and hackers work on developing exploits for operating systems the the masses use.
that resonant frequency in the mic is driving insane
LESSSSS GOOOOOOOOOOO This is a certified gaming moment
YES
GAMING IS CRINGE!
@@danielmalone4446 your mother
Well, AMD's platform security has been breached so I wouldn't put my money on that right now ;)
Also if you get the system to reboot on an Intel system with the right registers set, you unlock the ME and can basically do anything to it as well...
Hey Mental, what is your thoughts on GhostBSD ("A simple, elegant desktop BSD Operating System") which is based on FreeBSD?
All BSDs are too obsolete and primitive to be used on desktop.
If you are using BSD because it has such a small user base that no one will write a virus that targets it, couldn’t you achieve the same with gentoo and a less popular alternative for glibc and compile everything with that alternative instead?
It's not (just) the smaller user base, it's that it has fewer features that could go wrong and sets secure default settings. Less adoption does help, though.
QubesOS when??
The peer pressure I felt was due to systemd infecting all Linux distros, and my solution was OpenBSD :D
obsd has pretty good support for wifi and ethernet drivers compared to FreeBSD.. as a desktop daily driver or semi daily driver give it a spin, who knows you might prefer it..
It's apparently the best BSD (and is often a better pick than Linux) on PPC hardware.
If you write good code, you may have a contribution. For example device drivers for rare devices is a very common way.
@MENTAL OUTLAW
What anonymous VM operating system that can be used inside windows and threat model is hiding from the glowboys?
At the risk of sounding like a soydev, aren't BSDs not compatible with kubernetes and container environments? In this day and age it's a must for many web servers
Buy an AMD CPU released in 2013 and earlier and you won't have to worry about PSP and management engines in general. The final solution would be not using the x86 platform at all, but we have to be realistic.
Let's hope Risc-V takes off
I mean, I'm doing just fine with my G4 Macs (and a G5 that's... oddly sluggish, I think the RAM is dying). Their age is exaggerated for effect, but my iBook G4 is powerful enough to watch videos on TH-cam in a browser just fine while simultaneously forking a repo on Github, and with the bloated, inefficient Leopard at that, while also having a word processor and other tabs open. OpenBSD or Linux with a terminal based TH-cam client would probably do full HD no issue.
Just for fun, I have a PowerBook G3 (333MHz/512K!) I've been meaning to try BSD on. G5s have the current build of Firefox, and G3s/G4s have Firefox 68, a recentish fork of Pale Moon, and NetSurf.
You told me about mint I learned and moved to Arch now. You're moving to BSD. >:) Time to learn something new I guess.
Heck yeah I was waiting for this
It is time. The bsd movement is nigh
I need to find a way kill pop up ads. Just wanna watch my anime. Glad your doing or giving openbsd or giving it a try.
Clearly the best choice for web servers is Windows 2000 running IIS.
Are you going to use the supplied httpd in the base, or are you going for apache? (it's still available in the ports if you must have it)
Nice Louis Rossmann reference
Libreboot and OpenBSD don't go well together, might just install Gentoo or Arch on those ThinkPads.
Just a small correction, LibreSSL was not a thing back when heartbleed hit us, it initiated its development though.
GLOW IN THE DARKS ARE CENSORING MY COMMENTS!
...but I don't even have divine intellect