by txutxu 828 days ago
I want to like the NetBSD project... but I see it as something for hobbies.

I can't see myself using it for serious production stuff.

Maybe it's not fair, maybe if I had spent as much time on it as I've spent on Linux, FreeBSD, OpenBSD... I could be a little bit more confident about it.

For example, I'm not confident about security work. I know, the less mainstream, the less botnets targeting it... but I'm not worried about botnets mainly.

Even for a minimal system, as the title says, I'm more confident building it in one of the operating systems that I'm more familiar with.

Still, I think that (Free|Net|Open)BSD are something every systems engineer should use and learn, at least for one year, at least once in life (if it's more, much better). It's like learning programming language B, even if every day you use programming language A... It's like traveling... It is enriching and opens your mind.

2 comments

Regarding security of NetBSD:

"Specifically, the NetBSD source tree is periodically analyzed by two separate code scanners to maintain and improve code quality: Coverity - a commercial code scanner, and Brainy - a private code scanner developed by a NetBSD developer.

Several security features are available in NetBSD, including IPsec, a homegrown firewall (NPF), a file integrity system (Veriexec), a kernel authorization framework (kauth(9)), disk encryption (CGD), among others.

In terms of exploit mitigations, NetBSD supports a good number of modern features: W^X (in both userland and the kernel), Userland ASLR, Kernel ASLR, SMEP, SMAP, and a variety of other internal kernel bug detection features. Support for these mitigations sometimes depends on the capabilities of the hardware."

https://www.netbsd.org/support/security/

I'm not following the project too much; my only experience with NetBSD was to bring back to life an i486 laptop with 4M of RAM, many years ago.

What I'm less confident about (probably because of my ignorance, I'm talking without numbers) is how many eyes are looking into security issues/bugs. How much time it takes for a port to be fixed and available to users, compared to other vendors, for example.

Not saying that there isn't excellent work by those involved, but maybe more mainstream OSs have both sides: more people working on new attacks, and more people watching for security issues, or paid to work on patching/packaging etc.

> is by how many eyes are looking into security issues/bugs

Windows and Google have many eyes looking into security issues/bugs. This does not seem to have any effect.

My day job is solely Debian, so even acknowledging that I like OpenBSD and find NetBSD really interesting, I always find myself reverting back to: I'll just use Debian for this, it will be quicker.

Maybe there's something to be said for using an operating system that is somewhat different for your home use and side projects. Maybe it gives you a clearer separation of work and personal life?

If all you do everyday is code Python, Java, Go or whatever it might be, it's helpful to expose yourself to new and different languages like LISP, Haskell or Rust. It helps you see problems and solutions from different angles. Maybe the same is true for operating systems, I should try it out.

It's an experience: some things give more issues, but other things are better and others are just different. Documentation consistency, source code availability in the base install (recompile/optimize the OS Gentoo style with a few commands), packet filter, following the whole FAQ, discovering the community blogs and IRC channels, etc.

Many years ago, in my own house, I started with:

    ISP modem -> all things in one VLAN (1 switch segment)

Then I added:

    ISP modem -> Linux router -> Separated VLANs (home servers, LAN, WiFi, TV, games, etc)

Finally I did:

    ISP modem -> OpenBSD -> Linux firewall -> Home VLANs (LAN, WiFi, TV, games, etc)
                         -> Home servers

One more hop, but I did think: "If someone wants to enter from the outside, they will need to exploit 3 layers of TCP/kernel implementations, and switch VLANs, instead of one layer".

Really it was more an excuse to do things and learn... anyone can be attacked if targeted, even with 10 firewalls in front. Just by clicking a link, rendering a font, a PDF, etc... Nowadays I've moved too much, living in rented places, and I only have a personal laptop (and one for the job when provided).
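As an added illustration of the outermost hop in the layout the commenter describes (OpenBSD between the ISP modem and the Linux firewall), here is a pf.conf that makes that hop a default-deny, stateful boundary. This is example configuration written for this page, not the commenter's actual ruleset; the interface names `em0`/`em1` and the inner range `10.0.0.0/24` are assumed placeholders.

```pf
# Added example: pf.conf for the outer OpenBSD hop in
# "ISP modem -> OpenBSD -> Linux firewall -> Home VLANs".
# Interface names and the inner address range are assumptions, not from the thread.
ext_if = "em0"            # faces the ISP modem
int_if = "em1"            # faces the Linux firewall
inner_net = "10.0.0.0/24" # constructed inner range behind the Linux firewall

set skip on lo
set block-policy drop     # silently drop on the outside rather than send resets

# Default deny in both directions; every pass rule below is explicit.
block all

# Anti-spoofing: packets claiming an inner source address must not arrive on the WAN side.
block in quick on $ext_if inet from $inner_net to any
antispoof quick for { $ext_if $int_if }

# NAT the inner network out to the ISP.
match out on $ext_if inet from $inner_net to any nat-to ($ext_if)

# Outbound from the inner side creates state; replies come back only through
# that state. Nothing unsolicited is accepted from the WAN.
pass in on $int_if inet from $inner_net to any
pass out on $ext_if inet keep state

# Manage this box only from the inner side, and only over SSH.
pass in on $int_if inet proto tcp from $inner_net to ($int_if) port 22

# Log what is dropped on the WAN side so probing is visible in pflog.
block in log on $ext_if
```

The ruleset only buys the layering the commenter mentions for unsolicited inbound traffic; as they note, a client that clicks a link or renders a hostile file initiates the connection from inside, and the state rules above will let those replies through.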