OpenBSD 6.2 (opens in new tab)

There is a fascinating writeup on some problems that were caused by autoconf config file mistakes that didn't manifest themselves in gcc but showed up in the switch to clang:

https://undeadly.org/cgi?action=article;sid=20170930133438

Followed by

> Disable some optimizations in clang(1) due to incompatibility with security.

There's no bonus karma for waiting until the release is announced.

I've been using it as my only firewall OS of choice since the 2.5 release in '99.

I have almost always used it as a firewall or networking appliance, and only rarely used it as a desktop OS, and never on my main machine.

It has evolved over the decades to be a swiss army knife of network functionality that rivals expensive appliances like the F5 in certain areas. Things like PF, CARP, rdomains, relayd, ifstated, openbgpd, ospfd, opensmtp, unbound, nsd and sane ipsec tools among others in the base system allow for some amazing possibilities. Config file syntax of the various tools has been converging on a nice, consistent, mostly self-documenting "standard" as well.

Constant auditing and refactoring has proactively fixed many holes before that were used in exploits on other platforms, and has brought a steady improvement in performance over the years.

As others have pointed out the entire system has a very consistent and well integrated feel. The documentation is very well maintained.

Support of devices with poor documentation or binary blobs has been slow to come, but does eventually tend to make it into the system. 802.11n on atheros is the example of something I personally had to wait a long time for.

I use OpenBSD on my personal server. It does not do anything advanced, but runs email, a few websites, IRC bots, and such. I am not a professional systems administrator, nor do I consider myself a particularly competent one (I'm a compiler researcher). OpenBSD is the only system where I feel confident that what I have set up will be reasonably functional and secure. This is partly because OpenBSD comes with sane defaults and excellent documentation, but also because most software in the base system has fairly few features, and is focused on the common case, so I have less rope with which to hang myself. At the same time, it is so simple that I can actually understand in detail what's going on, and what the configuration files do.

Experienced systems administrators may have other reasons for preferring OpenBSD - I really wouldn't know. To me, OpenBSD certainly fills a niche for someone who is fundamentally knowledgeable about computers (and willing to read documentation and write configuration files), yet is not a full-time sysadmin.

Same as others below I use it as a firewall and have used OpenBSD since it was available for my Sparcstation IPC.

Don't get me wrong - my lab desktop at work is Fedora 26, my little lab boxes are mostly running Debian Stretch and I'm an RCHE current on things like SystemD who has a ton of RH boxes I support day in and day out. But OpenBSD is very old school UNIX in its simplicity; there is no cruft in the base OS because it's really built for a few specific purposes.

There are downsides to running OpenBSD; it didn't win any packet shifting races versus other BSDs last I looked, but it is (arguably) the most secure of the BSDs and for a firewall it is undeniably otherwise fit for purpose. Any old $100 refurbished PC from Microcenter and a couple of Intel NICs are all you need to build a whitebox firewall with lots of interesting knobs.

Every time I upgrade I literally throw all my configs to a USB stick, put in a new hard drive and do an install from scratch. Copying configs back and looking for changes between the distributions is the relatively painless work of a couple of hours and forces me to make sure nothing major has changed either in behavior of or the software packages themselves.

If there's any downside to OpenBSD it is that it isn't newbie friendly... I call it a full contact operating system because some of the list members can be abrupt to folks asking questions found in the FAQ.

I've used FreeBSD on my laptop (lenovo x201) for a long time, I've also installed OpenBSD from time to time. The rumors on the internet was that OpenBSD had better hardware support. I remember someone claiming that whereas FreeBSD developers use VMs to develop, OpenBSD devs used native machines (mostly laptops). I faintly remember that installing OpenBSD was harder than FreeBSD. FreeBSD came with a terminal graphical installer, partioning etc. happened automatically.

The problem I had with BSDs was that they were slower than Linux. Especially when it came to boot times, Linux booted up in seconds due to parallel starting of system services. On FreeBSD the same machine with an SSD took nearly half a minute to boot. Some people here on HN had advised me to use a parallel system initializer, or never completely shutdown my laptop. Always keeping the laptop at sleep did not work for me, because I was (and am) very paranoid when it comes to computers, I can't sleep if my computer is not shutdown and has an ethernet cable plugged into it. Using a parallel system initializer did not work, because I was too lazy to set one up.

Battery consumption was another issue. Although FreeBSD provided decent battery life, utilities like powertop did not exist for BSD platforms.

What I liked about FreeBSD was that it was a pure OS. When I opened htop, I could see only a handful of processes running, and I knew what each process did.

On the other hand, everything required manual configuration. I basically lived in the terminal to operate my laptop. But that is probably due to my lazyness to automate and write scripts.

I'd also be interested in the differences in day-to-day life between FreeBSD and OpenBSD.

It's generally easy to maintain on my server. With normally fewer than 40 processes/daemons running at any time, I can reason about what's going on, as opposed to Linux or macOS.

Downsides are that much of the system feels stuck in ancient times (there seems to be more support and documentation for tape drives than SSDs), the ongoing removal of sometimes useful software like sqlite from base, and anemic or absent support for secondary hardware platforms and features like Bluetooth.

Use it on all servers except our file server (FreeBSD and ZFS) and the required other software servers (RedHat and Windows). I like the ease of configuration and consistency.

The new syspatch has saved some time and other than getting a hang of disk partitions, the install is super easy.

I use it to run my mailserver (OpenSMTPd is awesome), among other things. It's also my default OS for non-x86 desktops/laptops (it works remarkably well on PowerPC Macs).

It's simple and (generally) correct. It has defaults that make sense. Its run control system is readable. OpenHTTPD and OpenSMTPD are the easiest daemons to administer I've ever used.

I have OpenBSD on my firewall, a small old machine running irssi and an old laptop for fiddling.

My experience is that it's simple to use and well documented.

I tried... but it has no 802.11n support, from my understanding. That was a deal breaker for me.

Also, I was using an ancient CardBus ethernet adapter and it kept freezing up. Works fine on Linux. It's just unfortunate that all the things I tried had problems.

Linux just worked on the system I was using.

Home router/firewall. Outer-most point in my network. Inside I have a turris and used to even have an Apple but the outer-most point has been an OpenBSD firewall since 4.x.

My first job in IT was such a prolific openbsd advocate that we were listed on their homepage as one of the companies that use openbsd.

My current opinion is that I would never put myself or anyone else through using OpenBSD. Linux can do anything it can and I've actually become an SElinux advocate in the last 2-3 years.

I do however trust it completely on my home firewall and it gives me some practice with BSD.

I use it on my think pad... Rock solid after I fudged it to use my favourite DE (i3) lighter on the CPU than freeBSD and a lot of interesting completeness. (like ifconfig being able to use WPA keys etc)

As a firewall it's unbeatable; I've been using it this way since late nineties. I fell in love with its simplicity and excellent performance. Everything just works. An old PC can handle huge traffic with ease, it's just a question of good NICs. Of course you can do pretty much the same on Linux, but in OpenBSD it's more elegant and coherent.

Mail server, web server, CalDAV and CardDAV server, and development laptop. Never looked back.

I use it wherever I can. It's my main desktop system at work and at home. I like the simplicity and reasonably conservative rate of change.

We use OpenBSD for our firewalls at work.

I've used it on my laptop. Primarily because it has had few vulnerabilities and is very stable.

Yes, I successfully run it two older MacBooks for server use. I haven’t tried WiFi or sound but everything else, including trackpad and X, worked fine for me. There were other tweaks to make suitable for a server, but OpenBSD has otherwise resurrected the laptops. Bonus: this hardware predates Intel ME.

If it has a Broadcom wifi, then you're probably SOL on that front