I think a security-focused GUI Linux distribution using hypervisor isolation may be more secure in practice for desktop/laptop use than OpenBSD.

OpenBSD base system is designed to be a very secure server OS, but this comes at the expense of requiring you to read a lot of docs and figure things out when you leave the base system. Drivers may be annoying and 3rd party software that expects Linux will not work easily. It is definitely far off the paved road. If you want your computer life to be an Interesting Challenge or Hobby, it’s good, but if you want to just get stuff done it may be frustrating.

I suggest you look into QubesOS, which has put a lot of work and research into isolating GUI applications from each other using hypervisor. Its hardened Linux VMs with a hypervisor underneath and probably what I would pick if I wanted a “secure workstation OS”. It will probably work with more laptop wifi cards than OpenBSD. https://www.qubes-os.org/

What is your interpretation of a "Secure OS"? Trisquel isnt a hardened distro, so isnt going to give you any more security out of the box than a minimal ubuntu install - just a more restricted package selection.

What are your specific application requirements? OpenBSD is a BSD, not a linux, so you aren't going to have access to the benefits of the linux kernel - specifically hardware support.

You mention the device you are thinking of is a Razer Blade - which is chock full of hardware with closed BIOS and that will require 3rd party drivers. Its not exactly a libre device. The availability of some of that on linux may be limited, and may not exist in many cases on OpenBSD.

Maybe your question would be better posed by describing your requirements - what hardware and software you need/want/would like to use - then people may be able to advise based on that.

I have used OpenBSD as my daily driver for maybe 3/4 years, though I stopped after a dispute over the merge of some of my patches which I found petty.

My experience on the good side:

- OpenBSD has a very clean code base. Simple and to the point with no useless abstraction, which is ideal if you want to understand your kernel or make light changes. It's obviously opinionated, but I found OpenBSD to be clearer and simpler than FreeBSD and even NetBSD.

- Modification, build and boot of a kernel is a breeze. If you have been frustrated with Linux kernel development, OpenBSD is a million times simpler.

- If you use a common laptop, especially ThinkPads T series, then hardware and drivers won't be an issue.

- My usage is pretty typical for a programmer user: I need a WM (i3), a browser, a nice terminal, and development tools (c, c++, rust, python). Software is pretty up to date IMHO, nothing to complain about.

On the bad side:

- I found the core community annoying and immature. Every discussion that implies something could be done in a manner that ressembles what Linux does has to be mocked and turned to derision. It feels like a small circle of long time friends keep the projects in their hands and if you're either in or out this circle. This leads to a "us versus them" mentality that I dislike.

> What has been your experience with OpenBSD?

Really forces me to think about what I want versus need out of a computer.

> pros & cons

+ Comes with everything for a home lab: packet filter, DHCP server, FTP, and web server.

+ Bundled with C compiler and perl in base.

- Limited drawing tablet support.

> What laptop

Any model with a successful installation blog post will do.

> OpenBSD over Trisquel

With two cheaper machines for the price of one, one could run both operating systems. Then you can learn kernel compile, static IP, SSH, and practice sysadmin tasks (backups, cron, OS internals) from both perspectives.

Dated experience here. I used OpenBSD a long time ago (20 years ago) as a primary desktop as well as within data center (physical not virtualized). I absolutely loved it, however expect you will spend more time configuring for your liking.

There were occasional situations where esoteric hardware support was iffy (especially software driven win modems). I anecdotally believe there’s a better experience today but would probably pay attention to GPU and wifi hardware.

Install is a breeze, probably one of the better install experiences out there. The port system was very easy to use to install 3rd party apps. Also pretty easy to build most things from source or modify for its particular differences.

The community around source contribution takes a little adjustment since there is a real focus on the OS design goals and less so on specific edge cases. Contributing to ports is a little more accessible.

I’ve used FreeBSD around the same time with similar experience. A little larger of a community there though I found OpenBSD’s contributors to be highly engaged and accessible.

OpenBSD is an admirable operating system. We reported a local privilege escalation vulnerability in cron on openbsd due to a memory corruption flaw. Our research got surprisingly close to a reliable exploitation path and we opened up a contest for someone to demonstrate a working exploit, https://www.supernetworks.org/crontab-challenge

One thing to know about openbsd is that the default OS install and built-in services are mostly secure, but any third-party stuff you install is not guaranteed to be, and can be a vector for compromise.

If you intend to use it as a desktop OS, the amount of things you have to add will likely greatly increase the surface area to secure.

We once had a breach where through an insecure third-party service (I forget but it may have been some PHP script), someone managed to execute a remote payload on an openbsd server.

Luckily, the payload assumed a Linux system with an available C compiler, and it failed to “explode” in the alien openbsd environment.

To sum up, openbsd is indeed more secure but it’s not a panacea. As long as you follow best personal computing security practices you should be ok with either Linux or Openbsd.

I was thinking of doing something similar. But I was thinking of starting on a virtual machine or shell account before trying to install on real hardware. I don't know much about OpenBSD but my guess is that finding a laptop that runs OpenBSD flawlessly is not easy. So odds are you're going to be spending a lot of time troubleshooting and debugging. If that's ok with you, then that's great.

ThinkPads might be your best bet. Someone here has cataloged their experience with OpenBSD on laptops: https://jcs.org/openbsd-laptops

Security and usability are in direct opposition to one another. Maximising either will tend to minimise the other. Given you've never used BSD, I'd expect you to have a bad time using OpenBSD as a desktop system.

Suggest using Debian and accepting that internet connected computers are not secure against hacking or spyware, however you try to set them up.

> I did some rudimentary research and came to the opinion that OpenBSD might be the most secure OS.

What's your threat model that a vanilla Fedora or Ubuntu install isn't secure?

My sister made me install it on her Intel i3 PC one time.

The installation procedure was rather easy, I just had some hiccups when configuring stuff due to my background with Linux vs how things are done in *BSD.

But security comes at the expense of system responsiveness, so if things with an i3 processor were rather slow, all the stuff OpenBSD makes to keep you secure don't help much in that regard. Still I guess for more decent specs it can be much more bearable.

Another trade-off is that you're supposed to read a lot of documentation. Questioning things are discouraged because their documentation is the holy scriptures for them and everything is already answered there, since how to start X at boot to the meaning of life and the ultimate end of the universe. Not a welcoming mindset for newbies in my humble opinion, and even less for us who don't speak english as their native language, but surprisingly (and funny enough) some of the *BSD people diss at Linux since it's the latter the popular one and not them... So yeah, if you want a secure system you must devote a fair share of time into reading (technical) documentation, but surely you'll learn a thing or two.

I personally couldn't bear pkg/pkgsrc at all - I'm so used to Portage it felt so restrictive in terms of customizability. But if you come from, say, apt or rpm, it would be fine I guess. I heard even KDE is available for it so it seems they're working hard in making more software available for them.

Still it seems nothing beats OpenBSD in terms of security so it will be a great choice for you.

I run OpenBSD on an ancient laptop that I use to play videos. In about 7 years, I have had no bad experiences with it. Upgrading from release to release has been painless, hardware support is fine. Playing HD videos is out of the question, but the laptop is from ~2008, and it wasn't a high end model back in the day, so there is little OpenBSD can do about that.

I cannot say much about security, but in terms of reliability, I have only good things to say about the system.

EDIT: Once you connect a device to the Internet and possibly install third-party software on it, your own expertise is likely to have a bigger impact on security than the underlying system. I am not recommending to NOT use OpenBSD, but if you have no prior experience with it, you might have a better experience using what you know.

I don’t like missing 3D GPU drivers, and missing .NET runtime. If it had these two things I would try OpenBSD for embedded use cases, instead of Debian or Alpine Linux.

Linux GPU story is not stellar but for embedded applications it’s not too bad; KMS, DRM, and GL or GLES library stack worked amazingly well for me.

1. I love OpenBSD, I mostly use it for servers. I tried on Desktop, but since I was using CLion a lot at the time, the experience didn't work out (CLion uses a bundled native executable which didn't work). If you use a lot of open source software, then I'd expect the experience to be better

2. Pros: Secure, clear documentation and straight forward to configure, quality tools made by the project- pf is fantastic (I use authpf a lot too). The packages tend to have what you need included (php, etc.) When you get something set up it tends to keep running well for a long time.

Cons: If the package isn't well maintained, then it will eventually be removed, so there are some packages missing, but usually you can just compile it yourself. It also means the packages that exist tend to be maintained well and are secure.

3. Not sure on this, but one thing to check is the WiFi card. I tried with an older ThinkPad, and some of the ThinkPads have compatible Wifi cards, and some didn't. I got one that wasn't compatible.

Ages ago I worked for a while on OpenBSD on an old Dell laptop. It was a very stable system, and I could not complain. As previous posts point out, it tends to have good support for old hardware. I used Firefox for browsing, and it was noticeably slower than on Linux. It really depends on what software you need for work. If you prefer a BSD, FreeBSD tends to be more desktop-ready in my experience (but probably less secure in depth).

Pros:

- The UNIX(TM) experience

- Better manual pages than linux

- Excellent testing ground if you want to keep your scriptery portable

Cons:

- Binary incompatible with glibc linux

- No driver support for my specific iwlwifi card

The filesystem is much slower than other OSes ; how much this matters depends on your usage patterns.

OpenBSD is very well documented and if you are focused on security research or development it can be a good choice.

1. Very easy to install and use, it is very well built.

2. Pro: Only two remote holes in the default install, in a heck of a long time! Con: Less (pre-built) software than linuxes.

3. Something cheaper than a Razer-Blade.

4. You have not stated your requirements other than 'security', which if you demand no more than two remote holes in a very long time, then OpenBSD it is. If 'security' means something other than that you might want to go with a different OS.

I use OpenBSD as my daily driver and develop software in Go. I use DWM + tmux + nvi + git.

Pros:

    - no-bullshit OS
    - very clean, you know what is where and why
    - distraction-free
    - proactive security approach

Cons:

    - slow if you use heavy software like Chrome

Potential deal breakers you should know about:

    - web assembly is turned off by default for security reasons (login to Hetzner or Sinology, using Google Docs is a problem)
    - watching videos in the browser does not feel great

I conclude that it is great for (my) work and encourages you to be minimalistic.

> might be the most secure OS.

What are you planning to use it for (laptop suggests possibly a workstation?)

And what is your threat model? Who is the most likely attacker - govt? Crypto theft? Supply chain?

Why not FreeBSD? It has very useful ports.

If your hardware supports OpenBSD go for it. Basically what you're looking for minimal host fingerprint with VM or dockerized application to work. OpenBSD is relatively small fingerprint and builtin binaries under 100.

Ref: https://jcs.org/openbsd-laptops

If you need security, you should consider a security oriented OS: https://qubes-os.org.

See also: https://forum.qubes-os.org/t/qubesos-vs-openbsd-security/790...

Manual pages are very high quality. Everything's in a single greppable monorepo. Surprisingly good as a router (pf, openbgpd, rpki-client). Filesystem (FFS2) is a bit inflexible compared to ZFS/btrfs/etc.

BSDs are a no brainer if it's up your alley to use.

It was good luck to be exposed to BSD in school.

My experience is you have to be committed to make it a daily driver.

- bsd is good enough for servers

- mainstream Linux is good enough for desktops

- forget about OSS laptops unless it’s a 15 years old thinkpad