10 Things I Love About OpenBSD - taken from a presentation I did at the February 2003 meeting of UUASC (These are not /necessarily/ exclusive to OpenBSD, but tend to be so ...) * integrated crypto * "secure by default" as opposed to "let's turn everything on by default" * good emulation support for Linux, SVR4, BSDi, Solaris binaries * bsd-airtools * simple kernel configuration process - edit 1 text file and you're done * simple boot config process - one text file to edit for all run levels * pf * chroot/audited apache/bind * PrivSep - started with OpenSSH, making its way into X11, identd, bind, etc. * ProPolice - new for 3.3 - catch buffer overflows at runtime; logs to syslog * audited Bind9 in 3.3 (finally) (although I personally prefer tinydns ...) * package mgmt/ports tree - stolen from FreeBSD; dependency mgmt is very good * dead simple installation - figure out fdisk and disklabel and there's not really anything else confusing. For a non-dualboot setup, fdisk isn't even needed. * OpenBSD is the sysadmin's friend - you can install and forget it (although I don't recommend that), and with very few exceptions, you won't find an intruder getting in on that machine. As long as you follow http://www.openbsd.org/errata.html, you're golden. * Best security record of any OS in common use today, free or commercial. Those who disagree are invited to review BUGTRAQ/Vuln-Dev/Incidents postings for the last 5 years. While OpenBSD finally did have some remote root holes, they were not specific to OpenBSD, but affected a wide range of UNIX systems. Also, these came very late in the game, after years of rock solid security and a perfect track record with regards to remote holes in the default install. Nobody's perfect, but OpenBSD has a record that speaks for itself. * Theo ... Things I'd Like To See Added: * jail(4) ported from FreeBSD * Mozilla in ports tree, and Just Working (the port that was up at cryptonomicon.org/~jolan/ seems to have disappeared; I'm trying to track it down so I can mirror it here.)