Annotation of www/testimonials.html, Revision 1.26
1.25 bentley 1: <!doctype html>
2: <html lang=en>
3: <meta charset=utf-8>
4:
1.26 ! deraadt 5: <title>OpenBSD: Users' Views</title>
1.22 tb 6: <meta name="viewport" content="width=device-width, initial-scale=1">
7: <link rel="stylesheet" type="text/css" href="openbsd.css">
1.24 tb 8: <link rel="canonical" href="https://www.openbsd.org/testimonials.html">
1.22 tb 9:
1.25 bentley 10: <h2 id=OpenBSD>
1.22 tb 11: <a href="index.html">
1.25 bentley 12: <i>Open</i><b>BSD</b></a>
13: Users' Views
1.22 tb 14: </h2>
1.25 bentley 15:
1.22 tb 16: <hr>
1.25 bentley 17:
1.5 ian 18: <p>
1.25 bentley 19: Many users have commented on their use of OpenBSD.
1.10 ian 20: The following are unsolicited comments from our public mailing lists or,
1.3 ian 21: occasionally, other mailing lists (these have links to the original articles).
1.6 ian 22: Postings have been shortened, and edited slightly for spelling and grammar,
1.1 ian 23: but are otherwise unchanged.
24:
1.8 deraadt 25: <hr>
26:
1.19 sthen 27: <h3>Jules Desforges wrote this in an introduction to the
1.22 tb 28: <a href="http://ukopenbsdusers.saneusergroup.org.uk/pipermail/uk-openbsd-users/2010-June/000022.html">
29: ukopenbsdusers mailing list</a>:</h3>
1.19 sthen 30: <p>
31: My name is Jules and I live in Kent. I've been using OpenBSD since 2.9.
32: I have OpenBSD running on 6 x Nexcom NSA1086's to provide core routing
33: between our Data Centres. All the routes are running from read-only
34: Compact Flash. Largely runs untroubled, pushing ~ 400Mb/s.
35: Main motivation was the cost savings compared to equivalent
36: Junpier/Cisco kit.
1.26 ! deraadt 37: I hope to be testing the new MPLS code soon.
1.19 sthen 38:
1.13 henning 39: <h3><a href="mailto:SKohrman@apu.edu">Shawn Kohrman</a> writes:</h3>
40: <p>
41: As a Security/Network Administrator for over ten years, I have to say
42: OpenBSD is hands down the best out-of-the-box OS I have seen yet. I
1.14 henning 43: have worked with MS NT/2000, Linux (from its humble beginnings),
1.13 henning 44: Solaris, etc. OpenBSD is simple, clean, secure and reliable. Many
45: thanks to the developers for an outstanding job.
46:
1.10 ian 47: <h3><a href="mailto:kristoff@phatness.net">Kris Wilkinson</a> writes:</h3>
48: <p>
49: I've been securing networks for quite some time now, and until recently
50: when I installed Open BSD 3.0 I never realized how easy my life could have
51: been had I tried it earlier.
52: After experiencing all the "other" operating systems available, 3.0 has to
53: be the most secure, easily managed and well organized package I have ever seen.
54: Not only is it completely cutting edge, it focuses on the smaller points of
55: security which I'm tired of having to manually tweak every time you setup a box.
56: <p>
57: I am securing networks all over Alberta using your fantastic
58: setup. Thank you so much! Keep up the incredible work.
59:
1.8 deraadt 60: <h3>Matthew Haas says this:</h3>
1.1 ian 61: <p>
62: I've been very impressed with OpenBSD since my decision to install it.
63: Definitely a great system, reminds me of my Slackware days, but better.
64: <p>
65: Thanks.
66:
1.8 deraadt 67: <h3>
1.7 ian 68: <a href="mailto:webmaster@2600.org.au">Grant Bayley</a>,
1.8 deraadt 69: an IT Manager from Australia, writes:</h3>
1.1 ian 70: <p>
71: By way of success stories, since a few of us at 2600 Australia started
72: using OpenBSD about 12 months ago now in some form or another, we've seen...
73: friends load it onto their machines and been simply amazed
74: at the quality of it, in particular the forethought that goes into
75: securing things out of the box.
76: <p>
77: We've also had one of our guys working at an ISP go head-to-head with an
78: in-house SuSE zealot of sorts on a compatibility, stability and security
79: test in advance of them selecting an operating system for their servers
80: (which, while using RedHat, had been rooted at least once). OpenBSD passed
1.6 ian 81: with flying colors and as of today, they're beginning a roll-out of 2.6
1.1 ian 82: onto their servers, mostly using stock components and software from the
83: ports tree (qmail, cucipop etc).
84:
1.8 deraadt 85: <h3>System and Network Administrator Jeff Schneiter offers this:</h3>
1.1 ian 86: <p> With a frozen budget it sure makes one squeeze every last
87: bit of power out of whatever hardware one can lay his hands
88: on... and thanks to OpenBSD, I have been doing just that.
89:
1.25 bentley 90: <h3 id=sarendal><a href="mailto:tony@polarcap.org">Tony Sarendal</a> says this:</h3>
1.1 ian 91: <p>I tried OpenBSD because of the IPsec support.
92: The reason I stick with it is because it really is nice to use
93: and it gives a feeling of quality which no other OS can match.
94: <p>
95: I did some programming on an OpenBSD machine, after this I really
96: appreciated the man pages. Other Unices I used had man pages that
1.26 ! deraadt 97: simply weren't any good.
1.1 ian 98: <p>
99: Keep up the good work guys.
100:
1.8 deraadt 101: <h3>Security Engineer Tyler Allison writes:</h3>
1.1 ian 102: <p>
1.6 ian 103: I have installed, secured, and maintained Linux, Windows NT and OpenBSD in
104: highly secure environments. (yes you can secure Linux and Windows NT in
1.1 ian 105: this environment :) ). Having said that I have to point out that if you
1.26 ! deraadt 106: want a minimum administration to keep up with security issues option you
! 107: need to pick OpenBSD by far. It is not uncommon for people to go years without
1.1 ian 108: updating their production OpenBSD machines because they are just rock solid
109: and there are no known "remote" vulnerabilities. Thus no good reason to
110: upgrade...
111: <p>
1.26 ! deraadt 112: I would feel perfectly happy to have one of my [novice] interns do a basic
1.1 ian 113: OpenBSD install on a PC (no extra security work after the install) and then put
114: the companies crown jewels on that machine and then walk away for a year.
1.26 ! deraadt 115: Knowing full well that machine hasn't crashed, been broken into or in need
! 116: of an OS upgrade. You can't say that about NT or Linux.
1.14 henning 117: Or if you do you obviously haven't ever used the product that way :)
1.1 ian 118: <p>
119: Another thing that I hear people point out is go check your local exploit
120: site or vulnerability alert mailing list and see if you can find a "remote"
1.26 ! deraadt 121: root level exploit that works on OpenBSD. I dare say you won't find any that
1.1 ian 122: are less than 12 months old.
123:
1.8 deraadt 124: <h3>Jan Johansson gave this reply to a "how do I build a cheap web server?" query:</h3>
1.1 ian 125: <p>
126: I work today with Solaris, OpenBSD, NT Server, NT Workstation and Win 95.
127: <p>
1.26 ! deraadt 128: After reading Bugtraq for some weeks I will say that I will never put
! 129: any (important) machine on the Internet if there is not a firewall in
1.1 ian 130: front and for packet filtering I go for OpenBSD...
131: <p>
1.26 ! deraadt 132: For a cheap web server I say hardware from a known vendor, an ordered
1.1 ian 133: OpenBSD CD-ROM and Apache...
134:
1.8 deraadt 135: <h3><a href="mailto:wyodlows@nj.devry.edu">
136: William Yodlowsky</a> at Devry Institute wrote:</h3>
1.1 ian 137:
1.25 bentley 138: <p>
139: [A few] years ago I was just getting into system administration. I learned
1.1 ian 140: Linux first. Then one of our old (I mean *really* old) BSDi servers
141: crashed, and it was up to me to rebuild the system.
142: <p>
143: I looked at FreeBSD, NetBSD, OpenBSD and Linux. In the end, it came down
144: to "secure and stable" that took the prize. OpenBSD 2.1 was installed.
145: <p>
146: Since then, I've run 2.1-2.5 on everything from production servers to
147: laptops. We've never (repeat: NEVER) had a break-in.
148: <p>
149: A coworker setup a RedHat based box to test his skills at setting up SSL
150: and a secure web site.
151: It was hacked literally overnight, and by the next morning was attacking
152: other sites.
153: <p>
154: Our OpenBSD servers were probed and then left alone.
155: <p>
1.26 ! deraadt 156: In the intervening two years, that original server got upgraded
1.1 ian 157: and patched several
158: times and the OS never gave us reason to question the reliability or
159: security of OpenBSD.
160: <p>
161: We have another box, acting as a router for about 800 workstations doing
162: very basic filtering and NAT. It's on a P120 with 32MB RAM and typically
163: the uptime would look like this:
164: <pre>
165: % uptime
166: 9:05PM up 266 days, 4:23, 1 user, load averages: 0.06, 0.06, 0.06
167: %</pre>
168: <p>As well, OpenBSD runs on my laptop.
1.6 ian 169: A Gateway Solo 2500 with a Xircom modem, and a Linksys fast Ethernet NIC.
1.1 ian 170: <p>
171: And it never crashes :)
172: <p>
1.4 ian 173: One other incident that made me a believer... we were pingbombed
174: [perhaps a predecessor to the early2000 DDOS attacks?]. I mean,
1.1 ian 175: 900 different hosts on different networks floodpinging an OpenBSD 2.3 box
1.6 ian 176: simultaneously, while it was processing email and web pages for 3500 users.
1.1 ian 177: <p>
178: It was a P133 with 64MB ram. And it didn't go down. It got a bit slower,
179: but never crashed :-)
180:
1.26 ! deraadt 181: <h3>John J. Adelsberger III said this about us in Bruce Schneier's
1.1 ian 182: <a href="http://www.counterpane.com/crypto-gram-0004.html#CommentsfromReaders">
1.8 deraadt 183: Crypto-Gram</a>:</h3>
1.25 bentley 184: <p>
1.2 ian 185: (the comments he is responding to are Schneier's)
1.25 bentley 186: <blockquote>
187: <p>
1.26 ! deraadt 188: Real systems show no signs of becoming less
1.25 bentley 189: complex. In fact, they are becoming more complex,
1.26 ! deraadt 190: faster and faster. Microsoft Windows is a poster
1.25 bentley 191: child for this trend to complexity.
192: <p>
193: ...
1.1 ian 194: <p>
1.26 ! deraadt 195: The other choice is to slow down, to simplify,
1.25 bentley 196: and to try to add security.
197: </blockquote>
198: <p>
199: OpenBSD does this. <em>I am unaware of any other group whose workings
200: are publicly viewable that does so</em> [emphasis added], which is regrettable, because
1.1 ian 201: I would prefer not to have this appear as an OpenBSD plug; rather,
202: my purpose is to point out that not only is this approach feasible,
203: but it is being done.
204:
1.8 deraadt 205: <h3>Andrew Hermetz commented as follows:</h3>
1.1 ian 206: <p>Hey all,
207: <p>Just wanted to drop a line and thank all who have worked to make OpenBSD
208: such a clean, cool, & efficient project.
209: <p>Major kudos to Theo for being a man ahead of his time! ;-)
210: <p>As I have to frequently explain to people *why* security is important at
211: all ("if you have nothing to hide...", "nothing you do is important enough to
1.6 ian 212: warrant encryption...", "only criminals and terrorists need to sneak around
1.1 ian 213: anonymously...", etc. ad nauseam), let alone *why* it's important in this day
214: and age of personal networks behind a DSL or even a full T1, I love being able
1.6 ian 215: to point them to a page which sets out a well-reasoned explanation for taking
1.1 ian 216: computer security seriously.
217: <p>[... OpenBSD installed]
1.25 bentley 218: effortlessly onto a Pentium 90 Compaq LTE 5100 laptop — even the no-name
1.1 ian 219: brand LAN card came right up and did a kickass install over a friend's office
220: T1. When I sing its praises, the thing that seems to get most people is its
1.10 ian 221: spartan look & feel, but I like knowing where everything is and not having a
1.1 ian 222: distro that shoves [stuff] into dark corners I'll never find...
1.17 grunk 223:
224: <h3><a href="mailto:ben@wbpsystems.com">Ben Smith</a>, president of
225: <a href="http://www.wbpsystems.com">wbp systems</a> says:</h3>
1.25 bentley 226: <p>
1.17 grunk 227: OpenBSD is the most secure operating system
1.18 grunk 228: <a href="http://www.wbpsystems.com">wbp systems</a> has ever used.
1.17 grunk 229: With all of our products, OpenBSD has allowed us to focus on our customers
230: instead of tweaking the OS to make it secure.
231: Internally we use OpenBSD for everything imaginable.
232: With its rock solid performance, we never have to worry about a file
233: server, proxy server or application server crashing.