I'm impressed that they still maintain PA-RISC support even though HP discontinued that architecture in 2008.
They maintain all these architectures in such a small, consolidated codebase with such minimal (if any) bloat.
Their built-in httpd is far and away the best experience I ever had setting up a static file server for my local network, and I can't think of many times where I would ever need anything I couldn't do with the built-in FastCGI support.
I'm also pleasantly surprised by how well Chicago95 (a Windows 95-style UI based on xfce) works on OpenBSD, even though the author never intended to run it on anything but xubuntu. I wouldn't recommend trying that unless you're willing to roll up your sleeves, but the payoff definitely justifies the elbow grease if you like that look and feel better than xenodm, XFCE, or GNOME.
> Chicago95
I did a thing. :-)
https://www.linkedin.com/posts/brynet_openbsd-activity-73074...
hmmmmm youth.
I remember running Windows 95 overnight so that it could be a "server".
The next morning, moving the mouse was making the hard drive go nuts, it was paging just by moving the cursor!
Memory leak galore.
This makes me want to run linux as my daily driver! [1]
[1] https://github.com/grassmunk/Chicago95/blob/master/Screensho...
Well Windows 95 was never a server. MS already had the much better NT and in those days it was not bloated.
When I was in college in the early 2000s, I had a friend who ran OpenBSD. He always sang its praises, mostly because it was the most secure operating system.
I tried a bunch of Linux Distributions and FreeBSD before mostly settling on MacOS, but never actually got around to running it.
Glad to see OpenBSD is still being actively developed.
Congrats on another release. Upgrading my machines went without a hitch :)
Same. sysupgrade went flawlessly.
Has anyone benchmarked TCP performance now that it's outside of the global kernel lock?
I wonder how useful this will be for the modest but still multicore systems used for firewalls.
SEV and CC in general look interesting seeing the slides. I hadn't heard of it yet. Someone more knowledgeable than me will say if these encrypted VMs are also protected from bugged modules within the SoC or on the bus besides being protected from the hypervisor.
It also seems that they are adding inter-core features but I don't know whether they are related to removing locks within the kernel, embedded applications, or if they are moving to micro-kernel internally.
No, these encrypted VMs are not protected from buggy or malicious on-die components. SEV assumes that the SoC hardware is trusted.[1] And we don't even have to go that deep: both AMD SEV and Intel's equivalent, Intel SGX, have historically been vulnerable to side-channel and speculative-execution attacks, among others, that can undermine their isolation guarantees.[2]
[1]: "As with the previous SEV and SEV-ES features, under SEV-SNP the AMD System-on-Chip (SOC) hardware, the AMD Secure Processor (AMD-SP), and the VM itself are all treated as fully trusted." https://www.amd.com/content/dam/amd/en/documents/epyc-busine...
[2]: https://libroot.org/posts/trusted-execution-environments/
bummer
nice overview article btw
backdoors in the supply chain are always hard to avoid but if it can't even protect against third-party attackers including any of the hardware attached what's the point
Rip-packs and drill guards are designed for running system protection. Those don't protect against compromised components, though, so select your hardware with care?
OpenBSD 7.8 release artwork by "Apsephion"
https://www.openbsd.org/images/Terraodontidae.png
https://www.openbsd.org/images/puffy78.gif
https://www.openbsd.org/78.html
Ooh, looks like the Raspberry Pi 5 is now supported!
Great work from the OpenBSD team. Happily surprised by the continued commitment to support new hardware.
I'm surprised seeing improvements in Suspend/Hibernate support.
I've used OpenBSD on laptops before and it was _fine_. I thought they primarily target servers. This feels like laptop-specific improvements. Perhaps to the benefit only of those developing OpenBSD.
The OpenBSD developers (in)famously use ThinkPads almost exclusively, so it works really great on ThinkPads, and much less well on other laptops.
Incidentally it was also on a thinkpad that I had installed it.
Honestly I've never owned any other laptops than thinkpads and macbooks. Every other laptop I've ever touched in a computer shop left me with "eww".
Every computer I have ever owned has regularly failed miserably at suspending, or more accurately resuming.
Even my Steam Deck, with its top-down firmware and OS development, regularly fails to suspend or freezes on resume.
Apple generally has excellent sleep support; even on my old falling-to-pieces unibody, which would KP if you looked at it funny, I don’t remember resume ever being a concern.
I’m not going to say their ever degrading software quality won’t affect that one day, and I know that some updates have caused issues for some people, but I genuinely can’t remember it ever failing me and not doing its job correctly.
I'll bite. You ever owned a macbook?
Sounds like the only thing they've owned. But maybe I'm running the perfect Windows and Linux distros... and my Macs are out of spec.
The most compact, minimalist general purpose OS out there by far. Tiny memory footprint and loaded with network services built-in.
Linux has become so bloated its users can't in good conscience make fun of Microsoft anymore, they are worse.
Debian refuses to install with less than 512MB RAM, the text only installer will choke with less than that, it's pathetic. That's a console-only install, no GUI.
Alpine Linux is similar in spirit to OpenBSD, slim and secure but perhaps with fewer features OOBE.
They cheat and use busybox.
Meanwhile OpenBSD running all the default network services like sshd and smtpd uses < 32 MB RAM and that's with full ksh and real tools. That doesn't happen by accident.
lol Linux Mint with latest KDE is WAY snappier and quicker to start than Win10 on my laptops
I love it you can still install the latest OpenBSD on 32MB RAM systems.
you're right, 60MB for alpine is really pushing hardware capabilities in 2025
[dupe] https://news.ycombinator.com/item?id=45660634