[stackghost]

It's not meaningfully more secure than e.g. Debian.

Their claim to fame ("only two remote holes in the default install in X number of years") is definitionally only valid for the default install in its default configuration which means: no httpd, no smtpd, no unbound, etc. etc. etc.

The default install isn't very useful, because it doesn't do a lot, and so "only two remote holes" or whatever isn't really saying much.

For example: there are still CVEs popping up: https://nvd.nist.gov/vuln/detail/CVE-2024-11148

Linux has more CVEs because it's orders of magnitude more popular. OpenBSD has appalling performance, and more or less nobody uses it, so there just isn't a large focus on auditing and fixing it.

It's a great research project, but I would not run it on my personal devices. Not because it's "insecure" but because the putative security benefits do not merit the shockingly poor performance.

[irusensei]

> The default install isn't very useful, because it doesn't do a lot, and so "only two remote holes" or whatever isn't really saying much.

Thats not really true. Comes with spamd, pf, httpd, OpenSMTPD and others. Its actually one of the open source unix-like systems that packs more functionality out of the box.

Great firewall and VPN server. You can setup wireguard with just ifconfig.

[stackghost]

Again: It comes with them on disk, but are they enabled by default? If not, then they are not covered by their "default install" boast.

[gizzlon]

I get your point, but GP is right: You said "Default install", not enabled by default.

The default install is actually very useful, and includes a lot, like parent said. Having run OpenBSD in the past, I found the their versions of things were often superior, at least for small setups (and some of them for large installs as well.. probably : )

[SoftTalker]

I use it on my ~10 year old desktop as my everyday OS. Performance may be measurably worse on benchmarks, but I never notice it doing regular stuff as a user. It's fine.

[Melatonic]

Don't most people use something FreeBSD based for production use ? I was under the impression OpenBSD was more used for testing and security research.

For personal devices I'm not sure why anyone would run a BSD in the first place

[tolciho]

Easy to install and upgrade, sane defaults, good documentation, lack of waffleburgers of complexity, so I'm not sure why anyone wouldn't run OpenBSD in the first place. Granted I put Windows in the unusable bin and it's been there for decades now and sounds like it is getting worse, what passes for Mac OS X these days is not so good given that you have to disable some security thing to properly kill the annoying and disruptive notification system, among other annoyances still being fueded with, and I gave up on Linux after trying to support that waffleburger in production for a year or two.

[stackghost]

OpenBSD is absolutely a research OS and that's okay.

My understanding is that Netflix used to use FreeBSD to serve video, but I read somewhere they're no longer using it. Not sure how true that is.

Some game consoles like the Playstation run a modified FreeBSD as their OS.