mirror of https://github.com/openbsd/www.git
234 lines
10 KiB
HTML
234 lines
10 KiB
HTML
<!doctype html>
|
|
<html lang=en>
|
|
<meta charset=utf-8>
|
|
|
|
<title>OpenBSD: Users' Views</title>
|
|
<meta name="viewport" content="width=device-width, initial-scale=1">
|
|
<link rel="stylesheet" type="text/css" href="openbsd.css">
|
|
<link rel="canonical" href="https://www.openbsd.org/testimonials.html">
|
|
|
|
<h2 id=OpenBSD>
|
|
<a href="index.html">
|
|
<i>Open</i><b>BSD</b></a>
|
|
Users' Views
|
|
</h2>
|
|
|
|
<hr>
|
|
|
|
<p>
|
|
Many users have commented on their use of OpenBSD.
|
|
The following are unsolicited comments from our public mailing lists or,
|
|
occasionally, other mailing lists (these have links to the original articles).
|
|
Postings have been shortened, and edited slightly for spelling and grammar,
|
|
but are otherwise unchanged.
|
|
|
|
<hr>
|
|
|
|
<h3>Jules Desforges wrote this in an introduction to the
|
|
<a href="http://ukopenbsdusers.saneusergroup.org.uk/pipermail/uk-openbsd-users/2010-June/000022.html">
|
|
ukopenbsdusers mailing list</a>:</h3>
|
|
<p>
|
|
My name is Jules and I live in Kent. I've been using OpenBSD since 2.9.
|
|
I have OpenBSD running on 6 x Nexcom NSA1086's to provide core routing
|
|
between our Data Centres. All the routes are running from read-only
|
|
Compact Flash. Largely runs untroubled, pushing ~ 400Mb/s.
|
|
Main motivation was the cost savings compared to equivalent
|
|
Junpier/Cisco kit.
|
|
I hope to be testing the new MPLS code soon.
|
|
|
|
<h3><a href="mailto:SKohrman@apu.edu">Shawn Kohrman</a> writes:</h3>
|
|
<p>
|
|
As a Security/Network Administrator for over ten years, I have to say
|
|
OpenBSD is hands down the best out-of-the-box OS I have seen yet. I
|
|
have worked with MS NT/2000, Linux (from its humble beginnings),
|
|
Solaris, etc. OpenBSD is simple, clean, secure and reliable. Many
|
|
thanks to the developers for an outstanding job.
|
|
|
|
<h3><a href="mailto:kristoff@phatness.net">Kris Wilkinson</a> writes:</h3>
|
|
<p>
|
|
I've been securing networks for quite some time now, and until recently
|
|
when I installed Open BSD 3.0 I never realized how easy my life could have
|
|
been had I tried it earlier.
|
|
After experiencing all the "other" operating systems available, 3.0 has to
|
|
be the most secure, easily managed and well organized package I have ever seen.
|
|
Not only is it completely cutting edge, it focuses on the smaller points of
|
|
security which I'm tired of having to manually tweak every time you setup a box.
|
|
<p>
|
|
I am securing networks all over Alberta using your fantastic
|
|
setup. Thank you so much! Keep up the incredible work.
|
|
|
|
<h3>Matthew Haas says this:</h3>
|
|
<p>
|
|
I've been very impressed with OpenBSD since my decision to install it.
|
|
Definitely a great system, reminds me of my Slackware days, but better.
|
|
<p>
|
|
Thanks.
|
|
|
|
<h3>
|
|
<a href="mailto:webmaster@2600.org.au">Grant Bayley</a>,
|
|
an IT Manager from Australia, writes:</h3>
|
|
<p>
|
|
By way of success stories, since a few of us at 2600 Australia started
|
|
using OpenBSD about 12 months ago now in some form or another, we've seen...
|
|
friends load it onto their machines and been simply amazed
|
|
at the quality of it, in particular the forethought that goes into
|
|
securing things out of the box.
|
|
<p>
|
|
We've also had one of our guys working at an ISP go head-to-head with an
|
|
in-house SuSE zealot of sorts on a compatibility, stability and security
|
|
test in advance of them selecting an operating system for their servers
|
|
(which, while using RedHat, had been rooted at least once). OpenBSD passed
|
|
with flying colors and as of today, they're beginning a roll-out of 2.6
|
|
onto their servers, mostly using stock components and software from the
|
|
ports tree (qmail, cucipop etc).
|
|
|
|
<h3>System and Network Administrator Jeff Schneiter offers this:</h3>
|
|
<p> With a frozen budget it sure makes one squeeze every last
|
|
bit of power out of whatever hardware one can lay his hands
|
|
on... and thanks to OpenBSD, I have been doing just that.
|
|
|
|
<h3 id=sarendal><a href="mailto:tony@polarcap.org">Tony Sarendal</a> says this:</h3>
|
|
<p>I tried OpenBSD because of the IPsec support.
|
|
The reason I stick with it is because it really is nice to use
|
|
and it gives a feeling of quality which no other OS can match.
|
|
<p>
|
|
I did some programming on an OpenBSD machine, after this I really
|
|
appreciated the man pages. Other Unices I used had man pages that
|
|
simply weren't any good.
|
|
<p>
|
|
Keep up the good work guys.
|
|
|
|
<h3>Security Engineer Tyler Allison writes:</h3>
|
|
<p>
|
|
I have installed, secured, and maintained Linux, Windows NT and OpenBSD in
|
|
highly secure environments. (yes you can secure Linux and Windows NT in
|
|
this environment :) ). Having said that I have to point out that if you
|
|
want a minimum administration to keep up with security issues option you
|
|
need to pick OpenBSD by far. It is not uncommon for people to go years without
|
|
updating their production OpenBSD machines because they are just rock solid
|
|
and there are no known "remote" vulnerabilities. Thus no good reason to
|
|
upgrade...
|
|
<p>
|
|
I would feel perfectly happy to have one of my [novice] interns do a basic
|
|
OpenBSD install on a PC (no extra security work after the install) and then put
|
|
the companies crown jewels on that machine and then walk away for a year.
|
|
Knowing full well that machine hasn't crashed, been broken into or in need
|
|
of an OS upgrade. You can't say that about NT or Linux.
|
|
Or if you do you obviously haven't ever used the product that way :)
|
|
<p>
|
|
Another thing that I hear people point out is go check your local exploit
|
|
site or vulnerability alert mailing list and see if you can find a "remote"
|
|
root level exploit that works on OpenBSD. I dare say you won't find any that
|
|
are less than 12 months old.
|
|
|
|
<h3>Jan Johansson gave this reply to a "how do I build a cheap web server?" query:</h3>
|
|
<p>
|
|
I work today with Solaris, OpenBSD, NT Server, NT Workstation and Win 95.
|
|
<p>
|
|
After reading Bugtraq for some weeks I will say that I will never put
|
|
any (important) machine on the Internet if there is not a firewall in
|
|
front and for packet filtering I go for OpenBSD...
|
|
<p>
|
|
For a cheap web server I say hardware from a known vendor, an ordered
|
|
OpenBSD CD-ROM and Apache...
|
|
|
|
<h3><a href="mailto:wyodlows@nj.devry.edu">
|
|
William Yodlowsky</a> at Devry Institute wrote:</h3>
|
|
|
|
<p>
|
|
[A few] years ago I was just getting into system administration. I learned
|
|
Linux first. Then one of our old (I mean *really* old) BSDi servers
|
|
crashed, and it was up to me to rebuild the system.
|
|
<p>
|
|
I looked at FreeBSD, NetBSD, OpenBSD and Linux. In the end, it came down
|
|
to "secure and stable" that took the prize. OpenBSD 2.1 was installed.
|
|
<p>
|
|
Since then, I've run 2.1-2.5 on everything from production servers to
|
|
laptops. We've never (repeat: NEVER) had a break-in.
|
|
<p>
|
|
A coworker setup a RedHat based box to test his skills at setting up SSL
|
|
and a secure web site.
|
|
It was hacked literally overnight, and by the next morning was attacking
|
|
other sites.
|
|
<p>
|
|
Our OpenBSD servers were probed and then left alone.
|
|
<p>
|
|
In the intervening two years, that original server got upgraded
|
|
and patched several
|
|
times and the OS never gave us reason to question the reliability or
|
|
security of OpenBSD.
|
|
<p>
|
|
We have another box, acting as a router for about 800 workstations doing
|
|
very basic filtering and NAT. It's on a P120 with 32MB RAM and typically
|
|
the uptime would look like this:
|
|
<pre>
|
|
% uptime
|
|
9:05PM up 266 days, 4:23, 1 user, load averages: 0.06, 0.06, 0.06
|
|
%</pre>
|
|
<p>As well, OpenBSD runs on my laptop.
|
|
A Gateway Solo 2500 with a Xircom modem, and a Linksys fast Ethernet NIC.
|
|
<p>
|
|
And it never crashes :)
|
|
<p>
|
|
One other incident that made me a believer... we were pingbombed
|
|
[perhaps a predecessor to the early2000 DDOS attacks?]. I mean,
|
|
900 different hosts on different networks floodpinging an OpenBSD 2.3 box
|
|
simultaneously, while it was processing email and web pages for 3500 users.
|
|
<p>
|
|
It was a P133 with 64MB ram. And it didn't go down. It got a bit slower,
|
|
but never crashed :-)
|
|
|
|
<h3>John J. Adelsberger III said this about us in Bruce Schneier's
|
|
<a href="http://www.counterpane.com/crypto-gram-0004.html#CommentsfromReaders">
|
|
Crypto-Gram</a>:</h3>
|
|
<p>
|
|
(the comments he is responding to are Schneier's)
|
|
<blockquote>
|
|
<p>
|
|
Real systems show no signs of becoming less
|
|
complex. In fact, they are becoming more complex,
|
|
faster and faster. Microsoft Windows is a poster
|
|
child for this trend to complexity.
|
|
<p>
|
|
...
|
|
<p>
|
|
The other choice is to slow down, to simplify,
|
|
and to try to add security.
|
|
</blockquote>
|
|
<p>
|
|
OpenBSD does this. <em>I am unaware of any other group whose workings
|
|
are publicly viewable that does so</em> [emphasis added], which is regrettable, because
|
|
I would prefer not to have this appear as an OpenBSD plug; rather,
|
|
my purpose is to point out that not only is this approach feasible,
|
|
but it is being done.
|
|
|
|
<h3>Andrew Hermetz commented as follows:</h3>
|
|
<p>Hey all,
|
|
<p>Just wanted to drop a line and thank all who have worked to make OpenBSD
|
|
such a clean, cool, & efficient project.
|
|
<p>Major kudos to Theo for being a man ahead of his time! ;-)
|
|
<p>As I have to frequently explain to people *why* security is important at
|
|
all ("if you have nothing to hide...", "nothing you do is important enough to
|
|
warrant encryption...", "only criminals and terrorists need to sneak around
|
|
anonymously...", etc. ad nauseam), let alone *why* it's important in this day
|
|
and age of personal networks behind a DSL or even a full T1, I love being able
|
|
to point them to a page which sets out a well-reasoned explanation for taking
|
|
computer security seriously.
|
|
<p>[... OpenBSD installed]
|
|
effortlessly onto a Pentium 90 Compaq LTE 5100 laptop — even the no-name
|
|
brand LAN card came right up and did a kickass install over a friend's office
|
|
T1. When I sing its praises, the thing that seems to get most people is its
|
|
spartan look & feel, but I like knowing where everything is and not having a
|
|
distro that shoves [stuff] into dark corners I'll never find...
|
|
|
|
<h3><a href="mailto:ben@wbpsystems.com">Ben Smith</a>, president of
|
|
<a href="http://www.wbpsystems.com">wbp systems</a> says:</h3>
|
|
<p>
|
|
OpenBSD is the most secure operating system
|
|
<a href="http://www.wbpsystems.com">wbp systems</a> has ever used.
|
|
With all of our products, OpenBSD has allowed us to focus on our customers
|
|
instead of tweaking the OS to make it secure.
|
|
Internally we use OpenBSD for everything imaginable.
|
|
With its rock solid performance, we never have to worry about a file
|
|
server, proxy server or application server crashing.
|