Thursday, September 10, 2009

OpenBSD needs money

OpenBSD CD pre-sales are an order of magnitude lower than expected.  Since the OpenBSD project is funded completely by donations and sales of merchandise, this is a worry.

With the scheduled release of version 4.6 being right around the corner, now is the perfect time to order a CD set and help out the project that has given us not only the world's most secure operating system, but highly successful related projects like OpenSSH, OpenCVS and OpenNTPD among others.  Regardless of your opinion on Theo personally, I'm sure you'll agree that the project deserves respect for its achievements and refusal to compromise.

I'll be ordering my CD set and maybe a nice T-shirt, too.  And a poster.  And, who knows, maybe a mug...

Recently, while playing a game of bridge at the Memorable Order of Tin Hats, I overheard an elderly woman comment that she thinks OpenBSD is becoming progressively redundant.  That its comparatively slow speed will cause it to fall by the wayside as it becomes easier to properly secure systems like Linux or FreeBSD.

This argument superficially holds water, seeing as an OpenBSD install does run slightly slower than Linux, FreeBSD, or most other good OSes.  But what it comes down to is that it depends on your needs.

If you need an OS that can squeeze every last ounce of performance out of your system, and you don't mind getting this optimization at the expense of (at least theoretical) security vulnerability, then there's no real reason to use OpenBSD.  If security is priority, then the choice is obvious.

Even if it were possible to get a hardened Linux to match OpenBSD's level of security (and it isn't, due to the Linux kernel's dependence on binary blob drivers), I don't believe this would be possible without a significant performance hit unless, as I hinted, compromises were made elsewhere by, for example, not utilizing the ProPolice GCC extension, Systrace sandboxing of untrusted applications, or implementation of W^X, mmap, or the strlcpy() family of string functions.

On the other hand, OpenBSD is already secure by default.  Let's face it, the weakest link in any system is its administrator, and the less security optimization work that is left up to him, the more robust the system would be in the long run.

There's no "best" operating system, only a best for your particular needs.  If you need security, go OpenBSD.  If you need performance, go FreeBSD.  If you need to SSH to your toaster, go NetBSD.  If you need application support, go Linux.  If you embrace gay pride, go Mac OS X.  And if you like the challenge of running a buggy, insecure, unstable, legal gauntlet of an OS, go Windows.

If you read this far without suffering an aneurysm, don't forget to visit the OpenBSD ordering page to buy some great swag if you so please.

No comments: