Comment Re:Firewalling on BSD (Score 2, Informative) 236
** Flame disclaimer - comments below are my opinion and personal experience **
Question to you or anyone. Why would it not be a good desktop system? Just ease of use, or lack of apps, or what?
A combination of all of the above. Getting Gnome/KDE working on FreeBSD isn't quite as no-brainer-ish as it is on say RH9 or Suse. Getting it working on OpenBSD (as with most apps) is another notch up the difficultly ladder. Anyone who knows what ~/.xinitrc means will have OBSD or FBSD up and running with their desktop of choice in an evening, but expect more 'care and feeding' initially.
Aren't most apps that most folks use on a typical desktop available? Browser, email, chat client, media players, editors, etc?
Yes. The vast majority are, and with ports you have the option of a Gentoo-like optimized compile for your hardware.
Just wondering because I keep threatening myself to switch from Linux, for better firewalling and a tighter but smaller community.
This goes both ways, sometimes its more difficult to find a solution to your specific problem in the community. Also, some of the OBSD folk have been known to be a bit....a....abrasive(?)
I like that the apps get relooked at,audited before inclusion, I like that part a LOT, because I didn't know they did that. That makes sense to me. I'd rather have fewer apps, but better quality apps. I take it this concept is unique to openBSD?
Again, its a choice you get to make as far as the trade-off. The OBSD folks only do the heavy-duty auditing on the core system components (look at the web site to find out what these are). You can build an outward-facing box running these applications and know you're really getting some of the best of what's out there. OTOH, you can download source and compile this that and the other thing with X and everything else, to some degree compromising the "bulletproof OS" idea, but trading that for usability. It comes down to the trade-offs you're willing to make, and to me, it seems like most Linux variants target maximum compatibility with HW and SW, and maximum usability, potentially at the expense of performance and security and reliability. FreeBSD seems to focus on reliability, and secondarily performance and security, with a fair bit of effort still spent on usability. OBSD focuses maximum effort on security, and everything else is secondary - if something has to be sacrificied in the name of security, it is done without question, regardless if it is a minor change or a major usability or friendly feature.
Reading the description in the article for installing and a few tweaks doesn't seem that difficult at first glance. I am impressed with their claim of only one remote exploit in many years.
You can install a base system in 30 minutes using 500MB of disk if you follow the handbook on the first page of the web site. Its worth at least an evening to investigate.
Last question, how does it run on older hardware in a GUI desktop environemnt? Acceptable, fast, dog slow, what? Similar to linux from one of the big vendors?
X is X. No getting away from that.
What is a practical minimum set of hardware specs for a good GUI environemnt?
I've run a "usable" system on a 500 Celeron with 256M of RAM without tweaks. I wouldn't build brains on it, but it did what I needed.
Sorry for all the questions, but I truly am interested. The more I am on the net, the more security I want, and this latest month has seen just a slew of potentially bad news exploits. I don't want to fool with it, I think it makes more sense to start out with the best and most secure system and learn and build from that, rather than patch and patch and patch all the time and sit and surf with your fingers crossed.
At least build one OBSD as a router/firewall and put your more vulnerable machines behind it. I think a few others here have done similarly with good results.
Question to you or anyone. Why would it not be a good desktop system? Just ease of use, or lack of apps, or what?
A combination of all of the above. Getting Gnome/KDE working on FreeBSD isn't quite as no-brainer-ish as it is on say RH9 or Suse. Getting it working on OpenBSD (as with most apps) is another notch up the difficultly ladder. Anyone who knows what ~/.xinitrc means will have OBSD or FBSD up and running with their desktop of choice in an evening, but expect more 'care and feeding' initially.
Aren't most apps that most folks use on a typical desktop available? Browser, email, chat client, media players, editors, etc?
Yes. The vast majority are, and with ports you have the option of a Gentoo-like optimized compile for your hardware.
Just wondering because I keep threatening myself to switch from Linux, for better firewalling and a tighter but smaller community.
This goes both ways, sometimes its more difficult to find a solution to your specific problem in the community. Also, some of the OBSD folk have been known to be a bit....a....abrasive(?)
I like that the apps get relooked at,audited before inclusion, I like that part a LOT, because I didn't know they did that. That makes sense to me. I'd rather have fewer apps, but better quality apps. I take it this concept is unique to openBSD?
Again, its a choice you get to make as far as the trade-off. The OBSD folks only do the heavy-duty auditing on the core system components (look at the web site to find out what these are). You can build an outward-facing box running these applications and know you're really getting some of the best of what's out there. OTOH, you can download source and compile this that and the other thing with X and everything else, to some degree compromising the "bulletproof OS" idea, but trading that for usability. It comes down to the trade-offs you're willing to make, and to me, it seems like most Linux variants target maximum compatibility with HW and SW, and maximum usability, potentially at the expense of performance and security and reliability. FreeBSD seems to focus on reliability, and secondarily performance and security, with a fair bit of effort still spent on usability. OBSD focuses maximum effort on security, and everything else is secondary - if something has to be sacrificied in the name of security, it is done without question, regardless if it is a minor change or a major usability or friendly feature.
Reading the description in the article for installing and a few tweaks doesn't seem that difficult at first glance. I am impressed with their claim of only one remote exploit in many years.
You can install a base system in 30 minutes using 500MB of disk if you follow the handbook on the first page of the web site. Its worth at least an evening to investigate.
Last question, how does it run on older hardware in a GUI desktop environemnt? Acceptable, fast, dog slow, what? Similar to linux from one of the big vendors?
X is X. No getting away from that.
What is a practical minimum set of hardware specs for a good GUI environemnt?
I've run a "usable" system on a 500 Celeron with 256M of RAM without tweaks. I wouldn't build brains on it, but it did what I needed.
Sorry for all the questions, but I truly am interested. The more I am on the net, the more security I want, and this latest month has seen just a slew of potentially bad news exploits. I don't want to fool with it, I think it makes more sense to start out with the best and most secure system and learn and build from that, rather than patch and patch and patch all the time and sit and surf with your fingers crossed.
At least build one OBSD as a router/firewall and put your more vulnerable machines behind it. I think a few others here have done similarly with good results.
