A BSD For Your PHB
Kelly McNeill writes "The reaction one gets when attempting to get a manager in a corporate environment to consider an alternate operating system can sometimes be likened to a typical Dilbert comic strip. Joseph Mallett contributed the following editorial to osOpinion/osViews which suggests that if you present the case properly, your pointy haired boss will make the right decision when choosing a Unix operating system to run the business."
Just do what I do, don't tell him.
your pointy haired boss will make the right decision when choosing a Unix operating
And what is the "right" decision?
Choosing BSD over Solaris or HP-UX because it's almost free at the point of acquisition?
No, I haven't RTFA and my "boss" doesn't have pointy hair either.
He does, however, make business decisions based on whatever makes the best sense for the business.
(repost from OsViews, anonymous for avoiding karma whoring/damage)
nano is a free replacement for pico (which is encumbered in some fuzzy licence I think), and is available in OpenBSD through the portstree or as a package. I highly recommend it for those of us that can't stand typing obscure key-combinations in editors.
Now, I'm an OpenBSD junkie, but still, I wouldn't dream of building a firewall, DNS, or static webserver on anything else than OpenBSD. ProPolice and the Write-XOR-Execute technology gives me a warm feeling. Not to speak about the privilege separated, chrooted bind, chrooted Apache (with some extra 3-4000 thousands lines of security fixes over stock Apache), and a kick ass firewall solution (stateful, traffic shaping, redundant failover solution).
As the article says, it may not be the best choice for every situation, but in this department it really shines.
That doesn't stop me from running OpenBSD as my primary desktop though. :-)
What the hell are you talking about?
I ditched OpenBSD a while ago for FreeBSD on my firewall (been using it on laptops and fileserver for aeons now.) I didn't find the upgrade procedure easy or transparent, and while my questions to various help mailing lists were usually answered in at least some civil manner, I've seen plenty of perfectly reasonable ones that just elicited idiotic flames ("you're just not '1337 enough to run this OS") to make me wonder.
I am not questioning the quality of OpenBSD (or any *BSD/Linux.) I know people who happily use it as their OS for all desktop-type work. I switched because I had too many odd (quite possibly atypical) problems that I just didn't have the time to get into, and yes I do RTFM before doing stuff on my boxes. I also banished FreeBSD from my laptop in favor of Debian because I just didn't think it adequately supported things like ACPI, my wireless card, and other things that, for a machine I use to do loads of non-technical work, should "just work".
Like it or not, and this is the wave of stupidity that usually breaks against the immovable seawall of OS fanaticism, there are things that I just don't want my PHB to be involved in. Just like having a car and just wanting to send it to the garage for regular checkups and having it function shouldn't disqualify you from driving, nobody should _have_ to use an alternate OS just because it's the right thing to do in someone's opinion.
That said, if a PHB actually can be made to want to muck with OpenBSD or Linux or whatever as a desktop OS, great! I'm all for it, I think it's great! I think it's nice that people like Mallett make a convincing, well-argued case for how/why to use a non-commercial OS for daily tasks. I like the article; he does not resort to zealotry or preaching.
Bottom line, if you can make a well-founded, logical argument, and you have a boss who's receptive to trying new things (or has time) you may have rewarded him by giving him something new and interesting to try out. If not, well, feh, let him use his Windows box and you use whatever you're happy with or have to.
Cole's Law: Thinly sliced cabbage
Use BSD instead of Linux for no apparent reason. Use OpenBSD instead of FreeBSD because your stupid boss doesn't want something "free". Thanks -- what a helpful article!
While doing this within one organisational unit completely screws with your TCO (now instead of sitting smugly every time there is a Linux exploit, you now have to patch servers every time there is an exploit on Windows/Linux/FreeBSD/OpenBSD/....), having different departments or different companies have different distros.
If you really need fault tolerance, having two redundant systems running different software is an excellent idea if you're willing to pay for that level of support.
You can also avoid the monoculture effect by making your "strain" subtly different, for instance prelink lets you randomise the addresses in memory of dynamically loaded libraries making automated exploits harder (since all the addresses changed), or using something like gentoo where you compile everything from scratch with subtly different USE lines, or optimisations.
Even recompiling your kernel with certain options can change the machine enough that common automated exploits won't work.
This is why the proliferation of Linux distros is a good thing, you can have some level of diversity by installing different distros without getting so much diversity that your support costs go through the roof.
Portability of Linux means you can run Linux on intel and powerpc chips causing almost all automated exploits to fail, but only requiring a recompile as far as software is concerned. This can be a good solution for having two servers in a load balanced, failover cluster by having each server running on a different architecture.
In general, Windows doesn't have these advantages, Windows isn't portable across platforms. Windows doesn't let you recompile large chunks of the OS with different options, Windows only has a limited range of "Editions" and different editions are usually unsuitable for running the same task. Windows is often lacking equivalent software (How many replacements for exchange are there? How many Linux MTA/MDA/MAA's are there?)
IntechHosting - Free domain, 2GB, PHP, £4.95/$8.95
"I've seen plenty of perfectly reasonable ones that just elicited idiotic flames ("you're just not '1337 enough to run this OS") to make me wonder."
You'll see those everywhere, and it's a side-effect of cheap access to the internet, whatever the OS. I doubt that you were using the better mailing lists or user groups, though.
I personally use Windows desktops and FreeBSD servers. I've played with various distros of Linux, but I'm largely happy with my choices, although I will be migrating away from Windows as time permits in the near future. I tend to pick things on a fairly sound economical basis because I don't have the time to play with things and the 'just working' thing tends to mean I stabilise a machine and don't mess with it.
Oddly Draconis
Too cynical to live, too stubborn to die.
Why does this article keep saying, in effect, that OpenBSD is almost as good as FreeBSD? It took a little while for it to sink in, but now I get it.
The pointy-haired middle manager is never going to take your suggestion. But, if you forward him that article and tell him you want to use OpenBSD, he might just get brave and say, "what about FreeBSD?" -- then it will be his idea and you're in!!
K.C.
Who in their right $deity damned mind lets their boss pick their OS? I don't know any boss I have that's educated enough to understand well enough what an OS is, let alone which one we should use.
Pretty Pictures!
*thumbs up* I haven't played with OpenBSD in about a year, but back then I found it unfriendly to install and encountered some hardware incompatibilities. I've always found FreeBSD to be thoroughly stable and reliable as a server OS.
As a firewall may I recommend MonoWall. It is a single CD (around 6Mb) BSD-based firewall/NAT solution with web-based administration, and is absolutely brilliant.
i-name =twylite [http://public.xdi.org/=twylite], see idcommons.net
in a small company, my bosses trust me enough to make a decision on what to use and don't care about the details. in a large company i'll go with the flow and use solaris, windows, whatever the company is invested in.
picking an os for your company for personal reasons is stupid and wrong, it's a business decision you are making.
How about a wonderful PDF file or other document which one can take to the PHB which explains exactly how *BSD would be a benefit? The article is a good one, but it doesn't offer any specifics, only some general guidelines. Is there a document available for those who want to *sell* OpenBSD to their (or another's) company?
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
Except that by default there is no limit on CPU usage. Maybe you just had a shell on someone else's OpenBSD machine and they chose to limit your CPU time in login.conf?
Yeah, the freebsd infinite install loop is so much more friendly than saying yes a couple times, partitioning your drive, saying "dhcp" and waiting 10 minutes for the download to finish. And for a firewall, you really can't beat pf (the freebsd port is incomplete). The devs concentrate on features that make it easier to create solid, reliable firewalls, easily. Even with redundant failover now.
Maybe you should have read the openbsd website, where it has a very complete guide that walks you through the entire installation, step by step, explaining everything in detail. You can even print it if you need to, although once you do an install a couple times, you'll never need it again.
"the one time I've had a problem with OpenBSD was when I accidentally killed the packet filtering program and left a vulnerable copy of Samba open to the outside world"
I'm no expert to unix, but is the author saying "I had trouble with OpenBSD that one time when I totally shut down my firewall and let the world openly explore my network by accident"?
if this article is aimed at convincing the PHB's to embrace BSD over Linux, yeah, that's one comment that might have been okay not to fully disclose, while still keeping full journalistic integrity...
Here's to finally giving Bush his exit strategy in November
Why? Because it doesn't have a little graphical paperclip saying "Would you like to install the OS?"
OpenBSD's installer is absolutely the simplest OS installer I've ever seen. The only "difficult" thing is that you have to partition the hard drive yourself, unlike the Linux/Windows world, where the installer just wipes your drive, and installs one single huge partition.
You need to elaborate. Are you talking about unsupported hardware? If so, the only thing OpenBSD didn't support in the old days, was my sound-card, and not only is that not an issue for a server, but soundcard support has much improved in the past couple years.
If you had some "incompatibilities", I'd be even more interested. OpenBSD has been better than any other OS at automatically detecting all the hardware, and setting it up (at every boot-up no-less). I was astonished to see that everything just came up and was working, when I had come from a Linux background, where everything took hours of manually selecting your hardware, fiddling with module parameters, editing config files, etc. Hardware that I thought was impossible to get working together because of my Linux experience (eg two soundcards in one system, multiple IDE controllers, etc), was up and was working automatically.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
Wow! Where did that come from? OpenBSD upgrade is possibly the simplest OS upgrade around.
You just put in the CD/Floppy, select upgrade, tell it the source of the files (eg. CD-ROM, FTP), and it does everything for you. What did you find difficult about that?
You're not 1337 enough to post on slashdot.
Now are you going to leave? Does this make slashdot any less useful? Or are you just whining because someone complained that you didn't read the DOCS?
What problems? Start listing... I have yet to find one person with valid complaints about having problems in OpenBSD (at least, recently). They all amount to some program not compiling, not knowing where the conf files are, etc.
What do you mean? Once you have a machine up and running, your PHB doesn't need to do anything to it, other than point and click on the icons, and use the programs. Once it's up and working, nobody needs to administer it, fix something that's broken, etc.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
Ok, first a correction to what I said before. Now that I've thought about it, I was probably playing with OpenBSD 2.8, and that was about three years ago. I've looked at the new install walkthrough on openbsd.org and things look a little better -- still, a lot of these comments apply.
Not because my favourite paperclip is missing, but because the entire install was command line based, a number of details that had to be provided were non-obvious (e.g. the device path for the partition on which to install) and had to be specified rather than chosen from a list (the new installer appears to give choices and a default).
When I install an OS to try it out I don't have time to get familiar with its intricacies (like its naming scheme for devices or how to configure networking). I also consider the install and use of the OS from the perspective of an administrator who is not familiar with *nix (but is willing to learn the basics).
In that respect, Monowall gets full marks. It's a breeze to install and get it working -- took me five minutes (including the download, write to CD and boot). I also give FreeBSD high marks -- it has critical functionality out of the box (with little configuration needed), the install is sufficiently friendly (I have given it to an MS admin with no *nix support before and he managed, without any documentation). But, IMHO, most MS admins would struggle with an OpenBSD install (certainly the version I used).
Intermittent IDE drive problem, the drive kept, um, "resetting". I had a similar problem with a Linux kernel (different controller and drive) about 6 years before; I know the Linux failure is "DriveReady/SeekComplete". FreeBSD, Linux and WinNT worked on this hardware, but OpenBSD didn't.
i-name =twylite [http://public.xdi.org/=twylite], see idcommons.net
Sigh, I knew I was going to get flamed for this. Here goes:
...
You just put in the CD/Floppy, select upgrade
I was trying to upgrade from source, since the upgrade from CD reproduced some interesting errors, which I don't have the time to go fish from the mailing list archives. And while this was a single machine, relying on a physical medium to keep a large # of boxes (as for desktops in a large company) up to date won't cut it. In that respect, I've rarely had problems with FreeBSD's buildworld.
Now are you going to leave? Does this make slashdot any less useful? Or are you just whining
Why whining? I'm posting my experience and some reasons. Why the fuck is it that the moment you try to share with people why you did/didn't do something, it's whining? I found a solution and got on with it.
What problems? Start listing... I have
-OpenBSD-sparc on my SS20 kept locking up mysteriously. This was not due to memory/hardware/power problems (tested & replaced repeatedly) and was reported by a number of people without a solution ever being discussed.
-Several interesting changes to security settings and pf rules that cost me hours of digging through various configs (and no, it wasn't obvious from the docs.) I hate operating systems that think they know better than I do how secure they should be.
The list goes on. Maybe this really was just the luck of the draw, and I know "things happen", but in my case I just had too much grief with the damn thing on too many different occasions. I just didn't have the time to spend knob-dicking around getting my boxes to work with a deadline to meet.
Look, my point was "use what works". I'm sorry if that got lost in translation.
Cole's Law: Thinly sliced cabbage
The article dismisses NetBSD as a server platform because it's more suitable for a heterogeneous hardware environment (i.e. because it's portable). That seems like a huge non-sequitur to me. It may be true that Open/Free is a better platform for servers for all I know, but that can't be the reason, can it?
Managers are dying... :)
You don't need the physical medium, you just need the dozen large tgz files. You could upgrade a running system if you wanted... although the kernel upgrade would require a reboot before you'd get new functionality.
I've NEVER had problems with OpenBSD's upgrade method: cd
I'm not saying you are whining because you aren't using OpenBSD, but because you are complaining about what an individual who happened to be on an OpenBSD mailing-list happened to say to someone. You say it like it was a reason you aren't using OpenBSD... Which is why I invited you to stop using Slashdot, since there's plenty of flames here to go around.
Security settings? What would that be? I've used OpenBSD for several years, and the only security setting I can think of is kern.securelevel, which is pretty standard... FreeBSD has exactly the same thing, and Linux's runlevels are very similar. Is that what you are talking about?
As for the PF rules, it's just a config file. Nobody is second-guessing you on anything. You have to create a pf.conf yourself, the existing one is just an example. There's nothing else you could possibly have had to modify, so I fail to see the problem you had with it.
Well, the only thing I've heard from you so far is that you had a mysterious lock-up on SPARC. Well, those things do happen from time to time. If there was no patch out for the problem yet, you could simply have reverted back to a previous version (only 6-months old, still fully supported) until it was resolved.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
Were you under the influence of some controlled substance when you installed OpenBSD?
First of all, it does not ask what partition to install to... with or without defaults or a list. It automatically uses the first one, and as far as I can remember, it has since early in the 2.x days.
Second, I also find this strange, as even if it did ask you to provide the device name, you should know that, because install is the step immediately after partitioning. How could you have exited out of the partitioning program, and not have known how partitions were named? It shows you the naming as you are creating each one, and I'm sure you displayed it before exiting, where it gave you a nice list of each device name...
No, only the partitioning step... Other than that, OpenBSD is much easier. FreeBSD is a mess of sub-menus, sub-sub-menus, etc. There's no real way to know which step you should take next. If you go down the list, sooner or later you'll hit a step that you didn't want. Or worse, if you try to guess if you want to try an option based on the name, you're likely to skip something important, and the FreeBSD installer is dumb enough that it will let you go through all the steps of installing, even without any partitions, giving you pointless error messages that give no hint to the problem. I like FreeBSD very much, but I don't like the installer much. They could improve it immensely just by copying Slackware's similar-looking installer.
Did you have your HDD set to spin-down via the BIOS? If so, OpenBSD didn't used to play nice, and spun it back up almost immediately. Was that your problem? It reports a "reset", but that doesn't pose any problem at all, it's just giving you more info than other OSes do.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
The possessive of "it" is "its".
Honey, I shrunk the Cygwin
You don't need the physical medium,
Fair enough, didn't occur to me at the time, never got that far.
I've NEVER had problems with...
I did. Loads of undefined symbols. I never found out why despite a shitload of searching.
I'm not saying you are whining beca...
It's not a reason I'm not using OpenBSD. I'm not using it because it ate up too much of my time to try and get working correctly, and I couldn't find solutions to my issues. The bad attitude (of more than one person) is a reason I wouldn't recommend OpenBSD to someone as a production OS, especially if I don't know their level of technical prowess.
As for not using slashdot, feh, this is a form of recreation for me. I don't need it for work--wading through scads of idiotic posts doesn't bother me, as I don't _have_ to get something out of it.
Security settings? What would that be...
kern.securelevel was part of it (as in mysteriously dropping from one into another.) Ignoring and overwriting my own pf.conf after running seemingly without issues for a few days was another. Ceasing to accept connections from given groups of hosts, with no sensible syslog info anywhere was a third.
I'm not saying there wasn't a perfectly rational reason for this behavior, and that I couldn't have found it eventually, but I simply got tired of dealing with the shit and moved on. I'm using pf without complaints on my FreeBSD firewall--in fact, Dani Hartmeier lives a few miles from here, and is a fun guy to go for beers with.
you could simply have reverted back to a previous version..
"These things happen" is absolutely true, but unacceptable for me on a box I need to do work on. As for reverting, tried that, no joy there. I have a working environment now, and will probably go back to fiddling with OpenBSD in a while (when I have time and spare boxes) to try and find out once and for all what the problem was, but for now it's not one of my priorities.
Cole's Law: Thinly sliced cabbage
Yeah, I'll also agree that OpenBSD has a dreadful installer. Even minimalist NetBSD is doing better these days. My main complaints are that it has no "go back and change something" capability, and that the drive partitioning piece seems to forget that most screens only have 24 lines on them.
On the flip side, it is quite easy to manually install OpenBSD (just like NetBSD), which is convenient if you're doing something grossly non-standard or just building a filesystem tree for a net-booted box.
My boss's boss wanted "a computer like THAT", as he pointed to a 42" plasma screen in conference room. We eventually just plugged a Sony SDM-232W 23" widescreen LCD into his PC and replaced the keyboard and mouse. He's now as happy as can be. (As he continues to use one app at a time: Outlook, MSIE, or sometimes Word or WordPad).
You are the problem, Mr. Viper.
Well, you and others like you. I struggled to get OpenBSD mac68k to work and it was not easy. And yes, the people with the knowledge of OpenBSD on the OpenBSD mail lists are there, not to help, but to get their jollies from trying to make people feel dumb.
I got sick of reading manuals and installation guides and watching knowledgable users flame anyone with a problem.
I found something that works (Mac OS) and went back to it. Someday I'll try another Un*x for the box, but I'll never waste my time with OpenBSD again. I want an OS that works and I want an OS with a culture of helping, not of stepping on the fingers of those still climbing the mountain.
Tell you what, Mr. V, if I find any S&M types out there, I'll point them in your direction.
Why oh why can't we mod -1 Moron?