OpenBSD 7.9

Original Article ↗ Hacker News Discussion ↗

Release highlights & culture

  • 7.9 continues the twice‑yearly, clockwork release cadence; upgrades via sysupgrade seen as very smooth.
  • New release song and distinctive artwork draw a lot of appreciation; some note OpenBSD’s strong aesthetic identity.
  • Culture praised: manpages required for new features, clear release engineering, minimal “corporate” gloss.

Use cases & real‑world deployment

  • Widely used as:
    • Home and office routers/firewalls, VPN gateways, and “backdoor KVM” jump boxes.
    • VPS and bare‑metal servers (web, mail, DNS, NFS, Postgres, small app servers).
    • Personal laptops/desktops for users who value simplicity over features.
    • Older/legacy hardware (PowerPC, SPARC, old Macs, ThinkPads) and as a hardware diagnostics tool.
  • Described as “set and forget” for self‑hosted services where low maintenance and stability matter.

Security posture & comparisons

  • Many argue OpenBSD is “secure by default”: minimal services enabled, strong mitigations (W^X, ASLR, pledge/unveil, privilege separation).
  • Others counter that:
    • The famous “two remote holes in the default install” partly reflects how little is enabled by default.
    • Linux can be hardened more and has more advanced isolation (namespaces, MAC, ACLs) when configured well.
  • Debate over CVE counts: some cite far fewer OpenBSD CVEs; others say this mainly reflects Linux’s ubiquity and reporting practices.
  • A recent unveil/pledge sandbox bypass is discussed; impact seen as limited because it required root and special conditions.

BSDs, Linux, and alternatives

  • Rough consensus summary:
    • OpenBSD: security, coherence, base‑system services, excellent docs.
    • FreeBSD: general‑purpose, strong server features (ZFS, jails, bhyve, Linux ABI).
    • NetBSD: portability; DragonFlyBSD: SMP and filesystem.
  • Some see Alpine or NixOS as the closest Linux analogs in spirit; others prefer Linux for “people throw arbitrary software at it” workloads.

Hardware, performance, and limitations

  • Hardware: good on some laptops and older Macs; weaker on cutting‑edge Wi‑Fi (though 7.9 adds experimental Wi‑Fi 6); no current Bluetooth support is a deal‑breaker for some.
  • Performance: generally slower than Linux/FreeBSD; fine for typical server and light desktop use, but not ideal for gaming or heavy multithreading.
  • Filesystem: lack of journaling and partition resizing causes pain on routers/older installs; users recommend generous, simpler partitioning and UPSes.
  • Other papercuts mentioned: DDNS missing in base, some IPv6 and NTP edge cases, and occasional need for manual fsck after power loss.

Overall sentiment

  • Strong enthusiasm for OpenBSD as a secure, coherent, low‑maintenance OS for routers and servers, and as a pleasant “small village” desktop for some.
  • Skepticism around desktop feature completeness, hardware support (esp. Bluetooth, some Wi‑Fi), and performance for heavy workloads.