Since 1997, I had been a happy user of GNU/Linux. It was my daily working platform.

But I've always been intrigued by other operating systems, especially BSD, from which much of GNU/Linux was derived. So I have been looking through the three freely available BSD systems (FreeBSD, NetBSD, OpenBSD), and evaluating which one suited my needs best.

Originally I was only considering FreeBSD and NetBSD because they were quite mature platforms, as far as their underlying organisations went. To be fair, I had to check out OpenBSD as well—and then the words ‘integrated cryptography’ caught my eye—it was too much to resist.

Open cryptography

I've been a bit of a crypto fan ever since my high school days, when I had information I had to hide (copy-protection breakers and bomb recipes, mainly). I wanted to find a book that would describe good encryption algorithms so that I could write my own implementation.

Walking by a technical bookstore one day, I spied a copy of Applied Cryptography selling originally for NZ$140, but at the (20% off) sale price of NZ$112 it was too good to resist.

I spent the whole week skimming the book. I learnt that writing my own implementation of an encryption program is much, much harder than I thought. I also learnt of a program called PGP, which had concepts like ‘web of trust’ and public key cryptography. I was hooked.

A few months later, in early 1997, I got internet access. I downloaded PGP, made my first keypair, and felt really special that I had privacy almost at my fingertips. Then I learnt about US export controls—and much crypto software (at the time) was written in the States—and that the PGP I downloaded was originally smuggled.

I was absolutely miffed that there weren't good encryption products (that I knew of) that were available in freer countries. Of course, after I switched to GNU/Linux later that year, I learnt about libraries like SSLeay (which subsequently branched into OpenSSL), and programs like SSH (which the OpenBSD people have recently split off as OpenSSH)—things I regularly use now.

OpenBSD's password hasher uses Blowfish; many of its programs make use of the cryptographic functions in SSLeay/OpenSSL, which it is distributed with. Somehow, it seemed a fitting companion to the various security products I use.

All that, along with their reputation as a secure operating system, compelled me to buy a CD, and try it out. In May 1999, when OpenBSD 2.5 was released, I did just that.

Overcoming the inertia

Just having a copy of some program doesn't mean that I will use it.

On June 26, I had just put together the last pieces of my new computer, Chrysalis.

I had a copy of Solaris 2.7 from the Free Solaris Promotion, and thought I would try it out. Guess what—I couldn't get into the installer—every time the kernel tried to boot it would get a panic.

So I looked at Debian 2.1, a CD of which I had made recently. The set-up process went all right…what's this? Why's my hub flashing like crazy? I couldn't access any of the other machines on the network at all. Surely, I haven't blown NZ$2000 on a new system to see it not work! (I eventually, much later, fixed the problem by downloading a new driver for my ethernet card.)

That left one choice. I must admit that, having been a long time GNU/Linux user, learning OpenBSD was a chore—so many habits to change (one simple example is that to switch to the first virtual console, you have to type C-A-F1 and not just A-F1 as in Linux). But, necessity drove me to learn, and learn I did—with the help of their excellent documentation: you can find manual pages on just about any topic (this is in stark contrast with GNU/Linux, where the manual coverage is quite a bit smaller).

One common myth is that BSD is antiquated, that all the major Unix standards are moving away from BSD. In fact, much of 4.4BSD was designed with POSIX compliance in mind, and certainly this POSIX compliance showed up well in OpenBSD.

Also, BSD has security levels, restricting what the superuser can do outside single-user mode (in the event of the system getting cracked), and a script (/etc/security) which scans the system for potential security problems—this is a very good thing for the system administrator!

Binary emulation was also a big plus: earlier on I bought a copy of Metro Link Motif Complete for GNU/Linux, and I was glad to see it hadn't gone to waste just because I switched to OpenBSD. It worked pretty well with Netscape, too (I am currently using the Linux-2.2/glibc-2.1 version of Netscape, with Metro Link's Motif libraries).

In short, it works with my network card, it's secure and features strong cryptography, and runs my existing applications. What more can I ask for?

Hardware support

Well, at least it supported my ethernet card. :-)

As of OpenBSD 2.6, it also supports USB devices, and more importantly it supports ATAPI-SCSI translation, which means I can now use cdrecord with it!


One of the most charming things about OpenBSD is that you can get the latest version just by updating your source tree. All via anonymous CVS.

Another thing (which is not necessarily good, but something I like) is that you don't have many different distributions, each with their own file organisation. The Filesystem Hierarchy Standard is meant to solve such issues, but it's not widely deployed yet. So having one distribution, with one file layout, is in my opinion a good thing.

I previously mentioned BSD security levels and the /etc/security script. Linux does have security levels, but I don't know how many distributions make use of them in default settings. Debian does have a script which lists setuid programs and device nodes, but how many other distributions have this I don't know. This boils down to something the distributions appear to lack—consistency.

I didn't mean the above to be some sort of FUD, and I certainly am not against GNU/Linux; I use it from time to time. But, my heart has now gone out to OpenBSD—and I hope GNU/Linux fans won't hold that against me.