Re: OpenBSD maintenance compared to FreeBSD
On Tue, Oct 29, 2013 at 09:44:46PM -0500, David Noel wrote: > I started playing around with FreeBSD back in the 2.2.7 days. I'd > describe myself as a casual desktop/workstation user. Back in the day > I was attracted to OpenBSD's heavy focus on security but was pulled > towards FreeBSD due to a good friend of mine being a FreeBSD > contributor ("dude, trust me, it's the way to go"). Recently I've > purchased a handful of servers for a software project I've been > working on and have started reconsidering my choice of OS's. > Administering a single FreeBSD workstation isn't too much of a > headache; I've kind of gotten used to having to rebuild kernel and > world every few months as security advisories are released. But now > that I'm administering 6 of them I'm really starting to get annoyed by > the whole process: rebuild kernel... rebuild world... reboot, and then > pray that it doesn't blow up in my face (as it often does). That got > me thinking about OpenBSD. Looking at the security advisories the last > one I see was from nearly a year and a half ago! That's pretty > incredible to me. Does this mean that I could theoretically have > gotten away with a year and a half uptime? What's the catch here? I'm > sorry but I'm incredulous by how good it sounds so I have to ask. For > me the biggest selling points of an operating system are security and > maintenance. I've been wowed by ZFS, but really how often do > filesystems need to be fsck'd? --and I never take snapshots. I feel > like I could do without it. UFS+J is good enough. Given my priorities, > does it sound like OpenBSD could be the one for me? Hi, OpenBSD and FreeBSD each have their own annoyances. The trick is to match the annoyances to business roles. What's acceptable in one role is unacceptable in another. I use both. Each of them annoys me in their own... special way. The only way to learn where each goes is to play with them. And any time you administer a bunch of machines, it's best to have some kind of infrastructure to manage them en masse. Ansible, Puppet, rdist, something. ==ml -- Michael W. Lucas - mwlu...@michaelwlucas.com, Twitter @mwlauthor http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/ Absolute OpenBSD 2/e - http://www.nostarch.com/openbsd2e coupon code "ILUVMICHAEL" gets you 30% off & helps me.
Re: OpenBSD maintenance compared to FreeBSD
On Wed, Oct 30, 2013 at 02:04:45PM +, Kevin Chadwick wrote: > Is the time_t fix/hurdle part of 5.4 release? > > http://www.openbsd.org/faq/current.html#20130813 No. "Rolling back to stock 5.3 or 5.4 will require reinstalling."
Re: OpenBSD maintenance compared to FreeBSD
previously on this list Stefan Sperling contributed: > > 5.4 will be out on Friday and I don't see why you shouldn't at least > give it a try. As already mentioned you can use mtier with 5.4 Release but if a package you require isn't on mtier and needs updating then you can either build the package yourself or get a snapshot (supported method but try to keep ports in sync to the snapshot date and retry if there are any failures) or build world. There was a very rare event recently due to eliminating the year 2038 bug which means building world may be troublesome. Is the time_t fix/hurdle part of 5.4 release? http://www.openbsd.org/faq/current.html#20130813 -- ___ 'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface' (Doug McIlroy) In Other Words - Don't design like polkit or systemd ___
Re: OpenBSD maintenance compared to FreeBSD
On FreeBSD, you need to rebuild the kernel (and partial world) to enable/use IPSEC. By default FreeBSD doesn`t support IPSEC, and enable it turn freebsd-update useless 2013/10/30 Marian Hettwer > For FreeBSD: stay on -RELEASE and use freebsd-update(8) > Nowadays no need to build world. > > -- > sent via my mobile C64 > > > Am 30.10.2013 um 03:44 schrieb David Noel : > > > > I started playing around with FreeBSD back in the 2.2.7 days. I'd > > describe myself as a casual desktop/workstation user. Back in the day > > I was attracted to OpenBSD's heavy focus on security but was pulled > > towards FreeBSD due to a good friend of mine being a FreeBSD > > contributor ("dude, trust me, it's the way to go"). Recently I've > > purchased a handful of servers for a software project I've been > > working on and have started reconsidering my choice of OS's. > > Administering a single FreeBSD workstation isn't too much of a > > headache; I've kind of gotten used to having to rebuild kernel and > > world every few months as security advisories are released. But now > > that I'm administering 6 of them I'm really starting to get annoyed by > > the whole process: rebuild kernel... rebuild world... reboot, and then > > pray that it doesn't blow up in my face (as it often does). That got > > me thinking about OpenBSD. Looking at the security advisories the last > > one I see was from nearly a year and a half ago! That's pretty > > incredible to me. Does this mean that I could theoretically have > > gotten away with a year and a half uptime? What's the catch here? I'm > > sorry but I'm incredulous by how good it sounds so I have to ask. For > > me the biggest selling points of an operating system are security and > > maintenance. I've been wowed by ZFS, but really how often do > > filesystems need to be fsck'd? --and I never take snapshots. I feel > > like I could do without it. UFS+J is good enough. Given my priorities, > > does it sound like OpenBSD could be the one for me?
Re: OpenBSD maintenance compared to FreeBSD
For FreeBSD: stay on -RELEASE and use freebsd-update(8) Nowadays no need to build world. -- sent via my mobile C64 > Am 30.10.2013 um 03:44 schrieb David Noel : > > I started playing around with FreeBSD back in the 2.2.7 days. I'd > describe myself as a casual desktop/workstation user. Back in the day > I was attracted to OpenBSD's heavy focus on security but was pulled > towards FreeBSD due to a good friend of mine being a FreeBSD > contributor ("dude, trust me, it's the way to go"). Recently I've > purchased a handful of servers for a software project I've been > working on and have started reconsidering my choice of OS's. > Administering a single FreeBSD workstation isn't too much of a > headache; I've kind of gotten used to having to rebuild kernel and > world every few months as security advisories are released. But now > that I'm administering 6 of them I'm really starting to get annoyed by > the whole process: rebuild kernel... rebuild world... reboot, and then > pray that it doesn't blow up in my face (as it often does). That got > me thinking about OpenBSD. Looking at the security advisories the last > one I see was from nearly a year and a half ago! That's pretty > incredible to me. Does this mean that I could theoretically have > gotten away with a year and a half uptime? What's the catch here? I'm > sorry but I'm incredulous by how good it sounds so I have to ask. For > me the biggest selling points of an operating system are security and > maintenance. I've been wowed by ZFS, but really how often do > filesystems need to be fsck'd? --and I never take snapshots. I feel > like I could do without it. UFS+J is good enough. Given my priorities, > does it sound like OpenBSD could be the one for me?
Re: OpenBSD maintenance compared to FreeBSD
On Tue, 29 Oct 2013 21:44:46 -0500 David Noel wrote: > But now > that I'm administering 6 of them I'm really starting to get annoyed by > the whole process: rebuild kernel... rebuild world... reboot, and then > pray that it doesn't blow up in my face (as it often does). Perhaps you could try freebsd-update: http://www.freebsd.org/doc/handbook/updating-upgrading-freebsdupdate.html > Does this mean that I could theoretically have > gotten away with a year and a half uptime? You can theoretically get away with a decade of uptime if you do not do upgrades which require reboot for so long. > What's the catch here? I'm > sorry but I'm incredulous by how good it sounds so I have to ask. OpenBSD is released every 6 months, in between there are patches: http://www.openbsd.org/errata53.html It is up to you to decide if you are going to patch once a week or once a year, and if you are going to compile from source or do binary upgrades. Either way, I don't think there is a system which is "secure" after a year without updating. > does it sound like OpenBSD could be the one for me? It definitely could, but not for the reasons you stated :) -- Marko Cupać
Re: OpenBSD maintenance compared to FreeBSD
On Wed, Oct 30, 2013 at 3:44 AM, David Noel wrote: > I started playing around with FreeBSD back in the 2.2.7 days. I'd > describe myself as a casual desktop/workstation user. Back in the day > I was attracted to OpenBSD's heavy focus on security but was pulled > towards FreeBSD due to a good friend of mine being a FreeBSD > contributor ("dude, trust me, it's the way to go"). Recently I've > purchased a handful of servers for a software project I've been > working on and have started reconsidering my choice of OS's. > Administering a single FreeBSD workstation isn't too much of a > headache; I've kind of gotten used to having to rebuild kernel and > world every few months as security advisories are released. But now > that I'm administering 6 of them I'm really starting to get annoyed by > the whole process: rebuild kernel... rebuild world... reboot, and then > pray that it doesn't blow up in my face (as it often does). That got > me thinking about OpenBSD. Looking at the security advisories the last > one I see was from nearly a year and a half ago! That's pretty > incredible to me. Does this mean that I could theoretically have > gotten away with a year and a half uptime? What's the catch here? I'm > sorry but I'm incredulous by how good it sounds so I have to ask. For > me the biggest selling points of an operating system are security and > maintenance. I've been wowed by ZFS, but really how often do > filesystems need to be fsck'd? --and I never take snapshots. I feel > like I could do without it. UFS+J is good enough. Given my priorities, > does it sound like OpenBSD could be the one for me? > > Best option is to try. 1) With stable you will need to compile if there's some security problem found in core OS, but you can compile it on other machine and then do binary upgrade from sets and not all security problems need complete compile of OS. But a lot of people and I think all developers are using current in production because simply it's so stable. I will say that current is something like LTS of Ubuntu regarding real problems you will encounter during regular use :-) Packages are updated in current, in stable only some of them or really recommended to go for that service from M:tier company 2) Start with reading FAQ immediately, that will give you a lot of info you need for decision especially points 1,5,8,9 3) Filesystems. Well there's not journal, but there are at least softdeps (of course not helping to shorten downtime). But filesystem is solid and is able to go via a lot of problems which can render other systems like ext2/3/4 unusable without a lot of manual work. Same is true for perfect repair abilities of OpenBSD own packaging system for apps. If you want something for storage maybe good idea is to make storage on DragonflyBSD with their Hammer so you will get a lot of capability of ZFS and some not even available in ZFS plus it's not so RAM hungry :-) and for the rest using OpenBSD Main point for me after years and probably for a lot of others is simply that: a) It works b) It's simple c) Text configs d) Perfectly working binary upgrade between releases or snapshots so no need to compile anything e) Documenation f) Good old Unix principles g) No need to relearn every week/month/year something new just because some crazy dev decided that even as it worked fine before he must re-write it and break just because he can, he has power and just because he thinks that everyone must be programmer (Lennart anyone? :D) Playing occasionally with other BSDs just to see where they are and check some interesting functions which are not here (Hammer, rump and so on), but well. OpenBSD may get some things later, but once they are here they work properly (KMS, suspend/resume, softraid crypto and raids, threading, own ACPI and so on and so on).
Re: OpenBSD maintenance compared to FreeBSD
Take a look at this page too (https://stable.mtier.org/). This is a great help to follow "stable" without compiling. I use it with all my servers. Morgan Le 30/10/2013 03:44, David Noel a écrit : I started playing around with FreeBSD back in the 2.2.7 days. I'd describe myself as a casual desktop/workstation user. Back in the day I was attracted to OpenBSD's heavy focus on security but was pulled towards FreeBSD due to a good friend of mine being a FreeBSD contributor ("dude, trust me, it's the way to go"). Recently I've purchased a handful of servers for a software project I've been working on and have started reconsidering my choice of OS's. Administering a single FreeBSD workstation isn't too much of a headache; I've kind of gotten used to having to rebuild kernel and world every few months as security advisories are released. But now that I'm administering 6 of them I'm really starting to get annoyed by the whole process: rebuild kernel... rebuild world... reboot, and then pray that it doesn't blow up in my face (as it often does). That got me thinking about OpenBSD. Looking at the security advisories the last one I see was from nearly a year and a half ago! That's pretty incredible to me. Does this mean that I could theoretically have gotten away with a year and a half uptime? What's the catch here? I'm sorry but I'm incredulous by how good it sounds so I have to ask. For me the biggest selling points of an operating system are security and maintenance. I've been wowed by ZFS, but really how often do filesystems need to be fsck'd? --and I never take snapshots. I feel like I could do without it. UFS+J is good enough. Given my priorities, does it sound like OpenBSD could be the one for me?
Re: OpenBSD maintenance compared to FreeBSD
On Tue, Oct 29, 2013 at 09:44:46PM -0500, David Noel wrote: > I started playing around with FreeBSD back in the 2.2.7 days. I'd > describe myself as a casual desktop/workstation user. Back in the day > I was attracted to OpenBSD's heavy focus on security but was pulled > towards FreeBSD due to a good friend of mine being a FreeBSD > contributor ("dude, trust me, it's the way to go"). Recently I've > purchased a handful of servers for a software project I've been > working on and have started reconsidering my choice of OS's. > Administering a single FreeBSD workstation isn't too much of a > headache; I've kind of gotten used to having to rebuild kernel and > world every few months as security advisories are released. But now > that I'm administering 6 of them I'm really starting to get annoyed by > the whole process: rebuild kernel... rebuild world... reboot, and then > pray that it doesn't blow up in my face (as it often does). That got > me thinking about OpenBSD. Looking at the security advisories the last > one I see was from nearly a year and a half ago! That's pretty > incredible to me. Does this mean that I could theoretically have > gotten away with a year and a half uptime? What's the catch here? I'm > sorry but I'm incredulous by how good it sounds so I have to ask. For > me the biggest selling points of an operating system are security and > maintenance. I've been wowed by ZFS, but really how often do > filesystems need to be fsck'd? --and I never take snapshots. I feel > like I could do without it. UFS+J is good enough. Given my priorities, > does it sound like OpenBSD could be the one for me? OpenBSD doesn't have UFS journaling. Your servers will spend time checking filesystems after unclean shutdown. You might be able to mitigate service downtime by running redundant servers with carp(4). Apart from that, I believe you'll find your expectations satisfied. Note that you'll need to compile ports from the -stable tree to get security fixes for things installed from packages. Ports are only supported by the community for the latest release right now. Apart from that, you can upgrade through two releases once a year, or to the next release every 6 months. 5.4 will be out on Friday and I don't see why you shouldn't at least give it a try.
Re: OpenBSD maintenance compared to FreeBSD
The only way to know is to try.
OpenBSD maintenance compared to FreeBSD
I started playing around with FreeBSD back in the 2.2.7 days. I'd describe myself as a casual desktop/workstation user. Back in the day I was attracted to OpenBSD's heavy focus on security but was pulled towards FreeBSD due to a good friend of mine being a FreeBSD contributor ("dude, trust me, it's the way to go"). Recently I've purchased a handful of servers for a software project I've been working on and have started reconsidering my choice of OS's. Administering a single FreeBSD workstation isn't too much of a headache; I've kind of gotten used to having to rebuild kernel and world every few months as security advisories are released. But now that I'm administering 6 of them I'm really starting to get annoyed by the whole process: rebuild kernel... rebuild world... reboot, and then pray that it doesn't blow up in my face (as it often does). That got me thinking about OpenBSD. Looking at the security advisories the last one I see was from nearly a year and a half ago! That's pretty incredible to me. Does this mean that I could theoretically have gotten away with a year and a half uptime? What's the catch here? I'm sorry but I'm incredulous by how good it sounds so I have to ask. For me the biggest selling points of an operating system are security and maintenance. I've been wowed by ZFS, but really how often do filesystems need to be fsck'd? --and I never take snapshots. I feel like I could do without it. UFS+J is good enough. Given my priorities, does it sound like OpenBSD could be the one for me?