I am h3artbl33d, a 30-ish Dutchie. Day-to-day I am an entrepreneur and sysop. I manage a lot of systems and networks, for my own company and clients. Luckily, I switched to OpenBSD in my youth. Out of necessity, I manage a bunch of Linux boxes, but mostly OpenBSD boxes.
OpenBSD is my favorite OS due to their rigorous attitude towards security, neat documentation and proper coding skills. For me, security is the leading advantage, as I don’t do compromises—even if it benefits performance, user experience, etc. As soon as viable, I am switching every hypervisor to vmm(4)/vmd(8).
By the way, Mike Larkin has been making awesome improvements—soon we can enjoy more advanced virtualization techniques on OpenBSD—like resource limits.
At work, OpenBSD handles the network infrastructure (routing, firewalling, mail, etc) and safeguarding of sensitive data. New machines are rolled out with Ansible and autoinstall(8), monitoring with zabbix, backups with tarsnap.
At home, I have a completely segmented network—mainly split into two parts, home and work. On both segments, bad guys are kept at a safe distance (pf(4), suricata, rbl), privacy is enforced (known trackers and invasion is blocked on the firewall and DNS level with pf(4) and unbound(8)). In the home segment, I keep no logs to respect the privacy of my partner and our guests, most traffic is allowed (unless specifically blocked), whereas the work segment is on a whitelist basis (both port and IP).
And best of all? It is rock solid. Sure, configuring this takes some time and effort, but it keeps running like nothing else. I only check the logs every day and run syspatch(8) and openup—no crashes or showstopping bugs.
Find me on Twitter, Mastodon, and my personal site.
6 Aug 2018
Mischa Peters and
Hosted by OpenBSD Amsterdam
Sponsored by netzkommune