coltonlewis.name

My OpenBSD Server

Under my desk, there is an old desktop computer that is coming up on ten years of age at this point. I bought it from ThinkPenguin because I wanted something I knew would be compatible with open source operating systems, after living in the early 2010s with a desktop I hadn't checked for that and being constantly frustrated when hardware didn't work. I'm happy the ecosystem has improved a lot since then.

Anyway, this loyal black box moved with me all the way from college in Missouri to my current apartment in Texas. I never use it as a daily PC anymore. I have laptops with more power at this point. But in any case, that frees the old desktop enough to run as a personal server.

Services

Despite the aging hardware, my server can handle plenty. Here's what I use it for.

  1. torrent seed-box - I put an extra 4 TB hard drive in it and it runs Transmission in daemon mode that watches a specific directory and automatically downloads any new torrent files in that directory. This leads to a nice synergy with use 2.
  2. media server - In the same directory Transmission downloads to, my server runs a DLNA media server. Anything I download via torrent becomes immediately available for streaming to any device on my local network that can be a DLNA client. This includes all smart TVs and attachments, phones, and computers.
  3. ssh server - This is of course essential for logging in and using the server since I long ago stripped it of any monitors and I rarely need to plug one back in, though that was my primary personal computer for a while a few years ago. Anyway, I have all password logins disabled. The only thing allowed is my personal ssh key. This might seem like overkill, but it's good practice for the next thing.
  4. dynamic dns client - I have a special domain name specifically for that server because I want to be able to access it and my files stored on it easily from anywhere. But this is complicated because you can't rely on your IP address to be constant with a consumer ISP. So what ddclient does is periodically check whether the IP assigned by my ISP connecting my home network to the wider internet has changed and, if so, update the DNS entry in my domain registrar's DNS service.
  5. web server - Just for fun I have a web server running in case I want to share any large files publicly with anyone. I can put it on my server at the right location and give them a normal URL and they can download it easily. It's basically my own private cloud storage.
  6. mail server - Like the web server, there's nothing serious happening there now, but it was fun to set up my own mail server. Contrary to what some people might say, it never ended up in spam when I sent from that email address.
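For the key-only ssh setup in item 3, a check worth running is whether every password-style method is really off: on OpenBSD, keyboard-interactive authentication goes through BSD Authentication and can still accept the account password when only `PasswordAuthentication no` is set. The script below is an added example, not the author's configuration; the sample configs are constructed, and it assumes a single file with no `Include` lines and audits only the global section before the first `Match`.

```shell
#!/bin/sh
# sshd uses the FIRST value it sees for each keyword, keywords are
# case-insensitive, and unset keywords fall back to built-in defaults.

# Print the effective global value for keyword regex $1 in file $2 (default $3).
sshd_value() {
    awk -v want="$1" -v dflt="$3" '
        { sub(/#.*/, ""); sub(/[ \t]*=[ \t]*/, " ") }  # comments, key=value form
        NF == 0 { next }
        tolower($1) == "match" { exit }                # global section ends here
        tolower($1) ~ ("^(" want ")$") { print tolower($2); found = 1; exit }
        END { if (!found) print dflt }
    ' "$2"
}

# Return 0 only if every password-style method is off and keys are on.
audit_key_only() {
    rc=0
    pw=$(sshd_value 'passwordauthentication' "$1" yes)
    kbd=$(sshd_value 'kbdinteractiveauthentication|challengeresponseauthentication' "$1" yes)
    pk=$(sshd_value 'pubkeyauthentication' "$1" yes)
    [ "$pw" = no ]  || { echo "FAIL PasswordAuthentication=$pw"; rc=1; }
    [ "$kbd" = no ] || { echo "FAIL KbdInteractiveAuthentication=$kbd"; rc=1; }
    [ "$pk" = yes ] || { echo "FAIL PubkeyAuthentication=$pk"; rc=1; }
    return $rc
}

# Constructed samples: "weak" turns off passwords globally but leaves
# keyboard-interactive at its default (yes) outside the Match block.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'PasswordAuthentication no' 'Match User backup' \
    '    KbdInteractiveAuthentication no' > "$tmp/weak"
printf '%s\n' '# key-only' 'passwordauthentication=no' \
    'KbdInteractiveAuthentication no' 'PasswordAuthentication yes' \
    'PubkeyAuthentication yes' > "$tmp/strict"
for f in weak strict; do
    if audit_key_only "$tmp/$f"; then echo "$f: key-only"; else echo "$f: NOT key-only"; fi
done
```

On a live system, `sshd -T` prints the effective configuration and is the authoritative check; the script is for reviewing a file before it is installed.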

OpenBSD

OpenBSD is not a popular operating system. They do, however, maintain OpenSSH, which is the standard ssh implementation used everywhere. Sometimes nontechnical people have heard of Linux or even used it, but I don't think I've ever heard of a nontechnical person who knows anything about BSD. This unpopularity has downsides in software and hardware support. It can take longer to get new features and new releases. So what do I like about it?

Comfortable Consistency

Linux has a million things to customize and people do. Every system feels slightly different. Linux is distributed. Each part of the system is developed by different programmers. The result makes inconsistencies in behavior and feel an inevitability. With OpenBSD, and all BSDs really, the kernel and userland are both maintained by the same team. That means there is more uniformity in the experience and one place where responsibility rests for making changes.

As one example of the consistency, they make a new release of the base system every six months. Every six months is an improvement and regressions are nonexistent. With most other operating systems there is always some fear evoked by an upgrade because you can never know if some idiot decided to break the thing you use every day and your life gets worse for no reason. Not so with OpenBSD: every upgrade is a steady improvement.

Simple Security

OpenBSD's marketing is primarily concerned with security. Many people debate about whether their methods of security are really the most secure because the slower pace of development can often mean not adopting the newest features right away. They don't have anything comparable to SELinux for example.

Instead they focus on security through making their OS more usable. They care about setting good defaults. They care about shipping software that is comprehensible, stable, and bug-free. They care about making configurations simple so you can't easily do something stupid. They actively reduce complexity. They ship "brainless" security you never have to think about like pioneering the use of write xor execute memory or address space layout randomization.

As one example of their commitment to reducing complexity, they decided the configuration for the command sudo was too complex. If you've ever looked at a sudoers file and tried to do anything beyond uncommenting the line that gives root permissions to the wheel group you probably know what I mean. If you look at the man page for sudo to understand the configuration syntax, you are suddenly trying to puzzle out a BNF grammar to figure out what to do.

OpenBSD simply introduced a new command named doas with a simpler syntax. You can learn how to configure it in 5 minutes.
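A short `doas.conf` showing that syntax, as an added example rather than the author's own configuration; the user name and the delegated command are placeholders, and the sudoers lines in the comments are rough equivalents for comparison.

```conf
# /etc/doas.conf (constructed example)
# Rule form: permit|deny [options] identity [as target] [cmd command [args ...]]
# The LAST matching rule wins, so broad rules go first and narrow ones after.

# Members of wheel may run anything as root after entering their own
# password; "persist" skips the prompt for some time after a success.
# sudoers: %wheel ALL=(ALL) ALL
permit persist :wheel

# One unprivileged account may restart one service, with exactly these
# arguments, without a password. An absolute path avoids a PATH lookup.
# sudoers: exampleuser ALL=(root) NOPASSWD: /usr/sbin/rcctl restart httpd
permit nopass exampleuser as root cmd /usr/sbin/rcctl args restart httpd
```

`doas -C /etc/doas.conf` parses the file and reports syntax errors without running anything, which makes it a safe check before relying on a changed rule.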

Delightful Documentation

Another thing I really appreciate the OpenBSD team for is putting a lot of time into their man pages. Unlike Linux where many programs ship man pages that only work as a quick reference and expect you to search the web for any serious questions, OpenBSD's man pages are considered the canonical source for documentation. Their man pages are always up to date and comprehensive. It's a magical experience to learn everything about using your computer system from documentation that was shipped with that system and never need to open Google. It's consideration for the user. I can't count the number of times I've installed a new Linux system and the internet isn't working, so I have to go find another computer to search the web to figure out how to fix it. Every time the internet wasn't working on OpenBSD I was able to read the manual to fix the problem. And every manual includes lots of examples.