Annotation of www/testimonials.html, Revision 1.24
1.10 ian 1: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1.1 ian 2: <html>
3: <head>
1.23 tj 4: <title>OpenBSD: Users' Views</title>
5: <meta name="copyright" content="This document copyright 2000-2016
6: by OpenBSD.">
1.22 tb 7: <meta name="viewport" content="width=device-width, initial-scale=1">
8: <link rel="stylesheet" type="text/css" href="openbsd.css">
1.23 tj 9: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
1.24 ! tb 10: <link rel="canonical" href="https://www.openbsd.org/testimonials.html">
1.1 ian 11: </head>
1.10 ian 12:
13: <body bgcolor="#FFFFFF" text="#000000" link="#23238E">
1.22 tb 14:
15: <h2>
16: <a href="index.html">
17: <font color="#0000ff"><i>Open</i></font><font color="#000084">BSD</font></a>
18: <font color="#e00000">Users' Views</font>
19: </h2>
20: <hr>
1.5 ian 21: <p>
1.22 tb 22:
1.1 ian 23: <p>Many users have commented on their use of OpenBSD.
1.10 ian 24: The following are unsolicited comments from our public mailing lists or,
1.3 ian 25: occasionally, other mailing lists (these have links to the original articles).
1.6 ian 26: Postings have been shortened, and edited slightly for spelling and grammar,
1.1 ian 27: but are otherwise unchanged.
28:
1.8 deraadt 29: <hr>
30:
1.19 sthen 31: <h3>Jules Desforges wrote this in an introduction to the
1.22 tb 32: <a href="http://ukopenbsdusers.saneusergroup.org.uk/pipermail/uk-openbsd-users/2010-June/000022.html">
33: ukopenbsdusers mailing list</a>:</h3>
1.19 sthen 34: <p>
35: My name is Jules and I live in Kent. I've been using OpenBSD since 2.9.
36: I have OpenBSD running on 6 x Nexcom NSA1086's to provide core routing
37: between our Data Centres. All the routes are running from read-only
38: Compact Flash. Largely runs untroubled, pushing ~ 400Mb/s.
39: Main motivation was the cost savings compared to equivalent
40: Junpier/Cisco kit.
41: I hope to be testing the new MPLS code soon.
42: <p>
43:
1.13 henning 44: <h3><a href="mailto:SKohrman@apu.edu">Shawn Kohrman</a> writes:</h3>
45: <p>
46: As a Security/Network Administrator for over ten years, I have to say
47: OpenBSD is hands down the best out-of-the-box OS I have seen yet. I
1.14 henning 48: have worked with MS NT/2000, Linux (from its humble beginnings),
1.13 henning 49: Solaris, etc. OpenBSD is simple, clean, secure and reliable. Many
50: thanks to the developers for an outstanding job.
51:
1.10 ian 52: <h3><a href="mailto:kristoff@phatness.net">Kris Wilkinson</a> writes:</h3>
53: <p>
54: I've been securing networks for quite some time now, and until recently
55: when I installed Open BSD 3.0 I never realized how easy my life could have
56: been had I tried it earlier.
57: After experiencing all the "other" operating systems available, 3.0 has to
58: be the most secure, easily managed and well organized package I have ever seen.
59: Not only is it completely cutting edge, it focuses on the smaller points of
60: security which I'm tired of having to manually tweak every time you setup a box.
61: <p>
62: I am securing networks all over Alberta using your fantastic
63: setup. Thank you so much! Keep up the incredible work.
64:
1.8 deraadt 65: <h3>Matthew Haas says this:</h3>
1.1 ian 66: <p>
67: I've been very impressed with OpenBSD since my decision to install it.
68: Definitely a great system, reminds me of my Slackware days, but better.
69: <p>
70: Thanks.
71:
1.8 deraadt 72: <h3>
1.7 ian 73: <a href="mailto:webmaster@2600.org.au">Grant Bayley</a>,
1.8 deraadt 74: an IT Manager from Australia, writes:</h3>
1.1 ian 75: <p>
76: By way of success stories, since a few of us at 2600 Australia started
77: using OpenBSD about 12 months ago now in some form or another, we've seen...
78: friends load it onto their machines and been simply amazed
79: at the quality of it, in particular the forethought that goes into
80: securing things out of the box.
81: <p>
82: We've also had one of our guys working at an ISP go head-to-head with an
83: in-house SuSE zealot of sorts on a compatibility, stability and security
84: test in advance of them selecting an operating system for their servers
85: (which, while using RedHat, had been rooted at least once). OpenBSD passed
1.6 ian 86: with flying colors and as of today, they're beginning a roll-out of 2.6
1.1 ian 87: onto their servers, mostly using stock components and software from the
88: ports tree (qmail, cucipop etc).
89:
1.8 deraadt 90: <h3>System and Network Administrator Jeff Schneiter offers this:</h3>
1.1 ian 91: <p> With a frozen budget it sure makes one squeeze every last
92: bit of power out of whatever hardware one can lay his hands
93: on... and thanks to OpenBSD, I have been doing just that.
94:
1.8 deraadt 95: <h3><a name=sarendal href="mailto:tony@polarcap.org">Tony Sarendal</a> says this:</h3>
1.1 ian 96: <p>I tried OpenBSD because of the IPsec support.
97: The reason I stick with it is because it really is nice to use
98: and it gives a feeling of quality which no other OS can match.
99: <p>
100: I did some programming on an OpenBSD machine, after this I really
101: appreciated the man pages. Other Unices I used had man pages that
102: simply weren't any good.
103: <p>
104: Keep up the good work guys.
105:
1.8 deraadt 106: <h3>Security Engineer Tyler Allison writes:</h3>
1.1 ian 107: <p>
1.6 ian 108: I have installed, secured, and maintained Linux, Windows NT and OpenBSD in
109: highly secure environments. (yes you can secure Linux and Windows NT in
1.1 ian 110: this environment :) ). Having said that I have to point out that if you
111: want a minimum administration to keep up with security issues option you
112: need to pick OpenBSD by far. It is not uncommon for people to go years without
113: updating their production OpenBSD machines because they are just rock solid
114: and there are no known "remote" vulnerabilities. Thus no good reason to
115: upgrade...
116: <p>
117: I would feel perfectly happy to have one of my [novice] interns do a basic
118: OpenBSD install on a PC (no extra security work after the install) and then put
119: the companies crown jewels on that machine and then walk away for a year.
120: Knowing full well that machine hasn't crashed, been broken into or in need
121: of an OS upgrade. You can't say that about NT or Linux.
1.14 henning 122: Or if you do you obviously haven't ever used the product that way :)
1.1 ian 123: <p>
124: Another thing that I hear people point out is go check your local exploit
125: site or vulnerability alert mailing list and see if you can find a "remote"
126: root level exploit that works on OpenBSD. I dare say you won't find any that
127: are less than 12 months old.
128:
1.8 deraadt 129: <h3>Jan Johansson gave this reply to a "how do I build a cheap web server?" query:</h3>
1.1 ian 130: <p>
131: I work today with Solaris, OpenBSD, NT Server, NT Workstation and Win 95.
132: <p>
133: After reading Bugtraq for some weeks I will say that I will never put
134: any (important) machine on the Internet if there is not a firewall in
135: front and for packet filtering I go for OpenBSD...
136: <p>
1.6 ian 137: For a cheap web server I say hardware from a known vendor, an ordered
1.1 ian 138: OpenBSD CD-ROM and Apache...
139:
140:
1.8 deraadt 141: <h3><a href="mailto:wyodlows@nj.devry.edu">
142: William Yodlowsky</a> at Devry Institute wrote:</h3>
1.1 ian 143:
1.4 ian 144: <p>[A few] years ago I was just getting into system administration. I learned
1.1 ian 145: Linux first. Then one of our old (I mean *really* old) BSDi servers
146: crashed, and it was up to me to rebuild the system.
147: <p>
148: I looked at FreeBSD, NetBSD, OpenBSD and Linux. In the end, it came down
149: to "secure and stable" that took the prize. OpenBSD 2.1 was installed.
150: <p>
151: Since then, I've run 2.1-2.5 on everything from production servers to
152: laptops. We've never (repeat: NEVER) had a break-in.
153: <p>
154: A coworker setup a RedHat based box to test his skills at setting up SSL
155: and a secure web site.
156: It was hacked literally overnight, and by the next morning was attacking
157: other sites.
158: <p>
159: Our OpenBSD servers were probed and then left alone.
160: <p>
161: In the intervening two years, that original server got upgraded
162: and patched several
163: times and the OS never gave us reason to question the reliability or
164: security of OpenBSD.
165: <p>
166: We have another box, acting as a router for about 800 workstations doing
167: very basic filtering and NAT. It's on a P120 with 32MB RAM and typically
168: the uptime would look like this:
169: <pre>
170: % uptime
171: 9:05PM up 266 days, 4:23, 1 user, load averages: 0.06, 0.06, 0.06
172: %</pre>
173: <p>As well, OpenBSD runs on my laptop.
1.6 ian 174: A Gateway Solo 2500 with a Xircom modem, and a Linksys fast Ethernet NIC.
1.1 ian 175: <p>
176: And it never crashes :)
177: <p>
1.4 ian 178: One other incident that made me a believer... we were pingbombed
179: [perhaps a predecessor to the early2000 DDOS attacks?]. I mean,
1.1 ian 180: 900 different hosts on different networks floodpinging an OpenBSD 2.3 box
1.6 ian 181: simultaneously, while it was processing email and web pages for 3500 users.
1.1 ian 182: <p>
183: It was a P133 with 64MB ram. And it didn't go down. It got a bit slower,
184: but never crashed :-)
185:
1.8 deraadt 186: <h3>John J. Adelsberger III said this about us in Bruce Schneier's
1.1 ian 187: <a href="http://www.counterpane.com/crypto-gram-0004.html#CommentsfromReaders">
1.8 deraadt 188: Crypto-Gram</a>:</h3>
1.2 ian 189: (the comments he is responding to are Schneier's)
1.1 ian 190: <br>
1.6 ian 191: <br>> Real systems show no signs of becoming less
192: <br>> complex. In fact, they are becoming more complex,
193: <br>> faster and faster. Microsoft Windows is a poster
194: <br>> child for this trend to complexity.
1.1 ian 195: <br>...
1.6 ian 196: <br>> The other choice is to slow down, to simplify,
197: <br>> and to try to add security.
1.1 ian 198: <p>
1.15 david 199: OpenBSD does this. <i>I am unaware of any other group whose workings
200: are publicly viewable that does so</i> [emphasis added], which is regrettable, because
1.1 ian 201: I would prefer not to have this appear as an OpenBSD plug; rather,
202: my purpose is to point out that not only is this approach feasible,
203: but it is being done.
204:
1.8 deraadt 205: <h3>Andrew Hermetz commented as follows:</h3>
1.1 ian 206: <p>Hey all,
207: <p>Just wanted to drop a line and thank all who have worked to make OpenBSD
208: such a clean, cool, & efficient project.
209: <p>Major kudos to Theo for being a man ahead of his time! ;-)
210: <p>As I have to frequently explain to people *why* security is important at
211: all ("if you have nothing to hide...", "nothing you do is important enough to
1.6 ian 212: warrant encryption...", "only criminals and terrorists need to sneak around
1.1 ian 213: anonymously...", etc. ad nauseam), let alone *why* it's important in this day
214: and age of personal networks behind a DSL or even a full T1, I love being able
1.6 ian 215: to point them to a page which sets out a well-reasoned explanation for taking
1.1 ian 216: computer security seriously.
217: <p>[... OpenBSD installed]
218: effortlessly onto a Pentium 90 Compaq LTE 5100 laptop -- even the no-name
219: brand LAN card came right up and did a kickass install over a friend's office
220: T1. When I sing its praises, the thing that seems to get most people is its
1.10 ian 221: spartan look & feel, but I like knowing where everything is and not having a
1.1 ian 222: distro that shoves [stuff] into dark corners I'll never find...
1.17 grunk 223:
224: <h3><a href="mailto:ben@wbpsystems.com">Ben Smith</a>, president of
225: <a href="http://www.wbpsystems.com">wbp systems</a> says:</h3>
226: OpenBSD is the most secure operating system
1.18 grunk 227: <a href="http://www.wbpsystems.com">wbp systems</a> has ever used.
1.17 grunk 228: With all of our products, OpenBSD has allowed us to focus on our customers
229: instead of tweaking the OS to make it secure.
230: Internally we use OpenBSD for everything imaginable.
231: With its rock solid performance, we never have to worry about a file
232: server, proxy server or application server crashing.
233:
1.1 ian 234: </body>
235: </html>