[IOML] The dark side...

Dylan Smith dyls at dylansmith.co.im
Sat Jun 7 19:01:01 2003


The power of the dark side is strong..

I admit it.
I tried OpenBSD last week (http://www.openbsd.org). I've been meaning
to try out one of the BSDs for years, ever since they got that court
case settled with AT&T in the early 90s.

Looking for something to implement instead of the hideous monstrosity
that is Checkpoint, I thought I'd investigate OpenBSD and it's 'pf'
packet filter. Installing OpenBSD feels a bit like installing Linux
back in 1993 - the installer is extremely primitive. However, it doesn't
take long to do (I think now I have the files, I could install the next
one in around 5 minutes). It's certainly a contrast to the route
RedHat has gone down. However, I think OpenBSD would benefit a lot
if they ported Debian's 'apt' based package system.

The default install is very light and ideal for firewalls, although to
make OpenBSD do anything useful on the desktop, you'd need to spend quite
a bit of time installing packages which don't come with the distribution.
For a server, the nearest I can compare it to in the Linux world is
Debian. You can make a nice, lightweight Deb install for the same sort of
job (and indeed, I use a lightweight Deb for user-mode Linuxes because of
this).

OpenBSD certainly has a place in a Linux network. Being a Unix-type
OS, it fits together nicely with Linux systems, especially for lightweight
firewalls or machines used to set up VPNs (it comes with IPsec built in,
which Linux should get built in when the 2.6 kernel series is out).
It also has really, really nice manual pages :-)

-- 
Dylan Smith, Castletown, Isle of Man      | Code fast, crash young and
Flying: http://www.dylansmith.net         | leave a beautiful core.
FFE/Elite Universe: http://www.alioth.net |             -- JK (#afe)