OpenBSD 7.4 Released With New Hardware Support, Security Improvements

  • #31
    Originally posted by stormcrow:
    It asks in more recent installers, but the default answer to whether or not you want to enable xenocara at boot time is "no", iirc.
    True but that is also the same with Debian netinst. The big difference is Xenocara is installed by default. You specifically have to untick the dist package for it not to be.

    When you install a service package in Linux, most distros automatically add it to the startup (systemd actually provides a tweak to change this default behaviour these days). With BSDs the tradition is not to. So xenodm remains disabled.

    One thing is xf86(4) is also asked during install on some older / vesa drivers. This defaults to off for security. Required for some graphics hardware.

    Originally posted by stormcrow:
    I haven't installed 7.4 yet so it may have changed that default. It's not meaningful to compare the performance of a bare window manager like tvm to full featured desktop environments like Gnome, KDE, or XFCE. (Of COURSE it's going to be snappier unless something is extremely wrong. It's a very small program in comparison with limited functionality!). A meaningful comparison is to compare Gnome, Plasma (KDE), or XFCE from the packages collection to the same environment in a Linux distro for functionality, feature support, and performance.
    In some ways I think it is still meaningful. Because it suggests that users are happy with relatively slow experiences with a heavy desktop environment. So really it shows that people aren't concerned with speed at all and that it is a moot point that OpenBSD is a little slower than Linux.
    Last edited by kpedersen; 17 October 2023, 06:00 AM.



    • #32
      Originally posted by kpedersen:

      When you install a service package in Linux, most distros automatically add it to the startup (systemd actually provides a tweak to change this default behaviour these days). With BSDs the tradition is not to. So xenodm remains disabled.
      Most Linux distros don't actually add a service to startup just because you install a package. Red Hat, SUSE family of distros certainly don't. Debian based ones tend to but they are more of an outlier. All of that behavior predates systemd.



      • #33
        Originally posted by RahulSundaram:

        Most Linux distros don't actually add a service to startup just because you install a package. Red Hat, SUSE family of distros certainly don't. Debian based ones tend to but they are more of an outlier. All of that behavior predates systemd.
        It seems that most do (Though probably because so many distributions are Debian based). As you mentioned, RedHat/Fedora and SUSE are the main ones who have disable * set. The Linux documentation is a mess so I can't be bothered to track it down but on one of these systemd related pages it actually referred to "Debian approach vs Fedora approach" when it came to this.

        Edit: Found it: https://www.freedesktop.org/software...md.preset.html
        It was the same manpage, different version and (bizarrely) this old info was added recently to the package.

        (And let's be honest, it is completely sodding random what different distros have enabled. A "minimal" RHEL has a load of old random crap enabled by default, but I guess this is a slightly different issue. Best to debootstrap or dnf from scratch if you want any semblance of tidiness, or use BSD, bringing us back to topic.)
        Last edited by kpedersen; 17 October 2023, 01:27 PM.



        • #34
          Originally posted by kpedersen:

          It seems that most do (Though probably because so many distributions are Debian based). As you mentioned, RedHat/Fedora and SUSE are the main ones who have disable * set
          Services being off by default is the case with most distros outside of the Debian family, including, say, Arch and Gentoo.

          Originally posted by kpedersen:
          (And let's be honest, it is completely sodding random what different distros have enabled. A "minimal" RHEL has a load of old random crap enabled by default but I guess this is a slightly different issue. Best to debootstrap or dnf from scratch if you want any semblance of tidiness).
          Yes, that's a different issue altogether, although all the services enabled in the systemd preset are either hardware dependent (i.e. if the hardware doesn't exist, the service is automatically disabled) or basic things like the following from a minimal install:
          Code:
          cat /usr/lib/systemd/system-preset/90-default.preset
          # Also see:
          # https://fedoraproject.org/wiki/Starting_services_by_default
          
          disable systemd-timesyncd.service
          disable systemd-resolved.service
          
          # systemd
          enable remote-fs.target
          enable getty@tty1.service
          
          # System stuff
          enable sshd.service
          enable atd.*
          enable crond.*
          enable chronyd.service
          enable rpcbind.*
          enable NetworkManager.service
          enable NetworkManager-dispatcher.service
          In any case, if you are doing it at scale, one would just use kickstart (Red Hat) or preseed (Debian) to customize the package set and services anyway.

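As an added example (not code from the thread or from systemd itself), here is a small POSIX sh resolver that applies the first-matching-line rule of systemd.preset(5) to a unit name, run against two constructed preset directories: one modelling the Fedora approach (a catch-all "disable *" in a later file) and one modelling the Debian approach (no catch-all). It assumes only the "enable GLOB" / "disable GLOB" syntax quoted above, and treats a unit that no line matches as enabled, which is systemd's documented default and the reason the catch-all is needed at all.

```shell
#!/bin/sh
# Added example, not from the thread: apply systemd.preset(5) first-match
# semantics to a unit name. Only "enable GLOB" / "disable GLOB" lines,
# comments and blank lines are handled (assumption: that subset suffices).

# Constructed preset fragments modelled on the 90-default.preset quoted above.
FEDORA=$(mktemp -d); DEBIAN=$(mktemp -d)
for d in "$FEDORA" "$DEBIAN"; do
    cat > "$d/90-default.preset" <<'EOF'
# Also see: https://fedoraproject.org/wiki/Starting_services_by_default
disable systemd-timesyncd.service
enable sshd.service
enable atd.*
enable NetworkManager.service
EOF
done
# Fedora approach: a catch-all in a later file turns everything else off.
printf 'disable *\n' > "$FEDORA/99-default-disable.preset"

# preset_policy UNIT DIR: prints "enable" or "disable". Files are consulted in
# lexical order, the first line whose glob matches UNIT wins, and a unit no
# line matches is enabled, which is systemd's default.
preset_policy() {
    unit=$1; dir=$2
    for f in "$dir"/*.preset; do
        while IFS= read -r line || [ -n "$line" ]; do
            case $line in ''|'#'*) continue ;; esac
            action=${line%% *}
            pattern=${line#* }
            # An unquoted $pattern in a case label is matched as a shell glob.
            case $unit in
                $pattern) printf '%s\n' "$action"; return 0 ;;
            esac
        done < "$f"
    done
    printf 'enable\n'
}

# httpd.service is mentioned nowhere: disabled under the Fedora-style
# catch-all, enabled under the Debian-style directory.
for u in sshd.service systemd-timesyncd.service atd.service httpd.service; do
    printf '%-28s fedora=%-8s debian=%s\n' "$u" \
        "$(preset_policy "$u" "$FEDORA")" "$(preset_policy "$u" "$DEBIAN")"
done
```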


          • #35
            - On systems with arm64 architecture Pointer Authentication is enabled to protect user space. The technology allows using specialized ARM64 instructions to verify return addresses using digital signatures stored in unused upper bits of the pointer itself.

            - The settings of the system compiler clang, as well as clang and gcc from ports, have been changed to apply the above mentioned protection mechanisms, which significantly increased the protection of all base applications and most applications from ports against exploits using ROP (Return-Oriented Programming) methods.

            - Added a new system call kqueue1, which differs from kqueue by passing flags. Currently, kqueue1 supports only the O_CLOEXEC (close-on-exec) flag to automatically close file descriptors in a child process after an exec() call.

            - A fix has been ported from FreeBSD to remove undefined behavior when using MS-DOS file systems.

            - Disabled the softdep mount option used for deferred grouped metadata writes.

            - Programs protected by the unveil system call are allowed to save core dumps to the current working directory.

            - The pfsync packet filter table synchronization interface is rewritten to improve lock handling and compatibility with future work on network stack parallelization.

            - Improvements have been made to the VMM hypervisor. In vmd, implemented multiprocess model support for block and network virtio devices. Added support for zero-copy vector I/O to block virtio-device. Restricted guest system access to AMD processors p-state modes. Virtual machine owners are allowed to override the bootable kernel via vmctl.

            - Added new uchar.h header file with char32_t and char16_t types and c32rtomb(), mbrtoc32(), c16rtomb() and mbrtoc16() functions defined in C11 standard.

            - A "D" option has been added to the malloc function to detect memory leaks using ktrace ("MALLOC_OPTIONS=D ktrace -tu program") and kdump ("kdump -u malloc ...").

            - Added support for the ${.VARIABLES} variable in the make utility to output the names of all exposed global variables.

            - Added "-u" option to the kdump utility to select utrace trace points by a specified label.

            - Added "--size-only" and "--ignore-times" options to the openrsync utility.

            - In cron and crontab, added support for random offsets when specifying ranges of values with specified increments, which allows avoiding simultaneous resource request from different machines that have the same rules in cron. For example, specifying "0~59/30" or "~/30" in the minutes field will cause the command to run twice an hour at consecutive randomly selected intervals.

            - Added to wsconsctl utility the possibility of mapping buttons for pressing with two or three fingers on the clickpad.

            - Added support for downloading files from the EFI System Partition.

            - Added check of all blocks in the deferred memory release list to the malloc function to detect situations of writing to the released memory area.

            - The shutdown command now requires a user to be added to the "_shutdown" group, which separates the authority associated with shutdown and direct reads from disk devices.

            - Using the unveil system call, the patch utility is limited to accessing only the current directory, the directory with temporary files, and files listed on the command line.

            - Added sysctl net.inet6.icmp6.nd6_queued to show the number of packets waiting for ND6 response (similar to ARP).

            - When an IPv6 address is configured on a network interface, an announcement is sent to neighboring routers via a multicast address.

            - Added initial support for TSO (TCP Segmentation Offload) and LRO (TCP Large Receive Offload) for segmentation and packet merging on the NIC side.

            - Accelerated loading of pf packet filter rules from the kernel by pfctl utility. Handling of "keep state" and "nat-to" actions for error messages returned via ICMP is enabled.

            - Disabled calculation of IP, TCP and UDP checksums for loopback interfaces.

            - Added initial support for route-based IPsec VPNs.

            - Added support for Flowspec to bgpd (RFC5575, so far only flowspec rule announcement is supported). ASPA (Autonomous System Provider Authorization) implementation brought to compliance with draft-ietf-sidrops-aspa-verification-16 and draft-ietf-sidrops-aspa-profile-16 specifications, and switched to AFI (Address Family Indicator) independent lookup tables.

            - Improved rpki-client performance by 30-50%. Added support for gzip and deflate compression.

            - LibreSSL and OpenSSH packages have been updated. A detailed overview of improvements can be found in the LibreSSL 3.8.0, OpenSSH 9.4 and OpenSSH 9.5 reviews.

            - The number of ports for AMD64 architecture was 11845 (was 11764), for aarch64 - 11508 (was 11561), for i386 - 10603 (was 10572).



            • #36
              Originally posted by fazalmajid:

              I’m pretty sure the intersection of people who are interested in OpenBSD and people who tolerate systemd is null.
              As ayumu pointed out, you'd be quite wrong.

              I'm an old Arch rc.d guy, but I use and enjoy systemd at home and professionally.
              It stays out of my way generally, is fast, has comprehensive documentation, and is simple to write units for.
              I don't use a desktop environment and prefer combining small tools for most any task, but systemd has never given me cause to do more than peek at alternatives.
              Especially when proficiency with it is useful both professionally and for porting or running third party software as-is.

              You can find another very good talk about systemd's merits from a BSD perspective here from Benno Rice: https://www.youtube.com/watch?v=6AeWu1fZ7bY

              I've used OpenBSD on my (hobby, low bandwidth) server for years and love how it stays out of my way and runs as little as possible by default.
              stormcrow was dismissive of the "default configuration", but if you have clear expectations from your server, you can achieve peace of mind knowing how little code is exposed to the world, and how much thought OpenBSD puts into preventing whole classes of vulnerabilities from first principles.
              Last edited by Ranguvar; 18 October 2023, 09:04 PM.



              • #37
                Originally posted by phoronix:
                Phoronix: OpenBSD 7.4 Released With New Hardware Support, Security Improvements

                Theo de Raadt released OpenBSD 7.4 today as the open-source BSD operating system project's 55th release...

                https://www.phoronix.com/news/OpenBSD-7.4-Released
                Theo de Raadt released...
                Might as well have done the lede with "that file system that guy who killed his wife wrote..."

                People have biases.

                Operating systems are tools. If it's not the tool you like, go to your store and get the one you like. If your store is "FOSS Я US" then Linux will be available. No need to pay, but be polite to the worker and remember -- they don't work for you. If BSD or MIT is for you, well there are your choices as well.

                As a coder and computer science and engineer guy it amazes me people want to turn "your preference of which tool to use" into a religion.

                Thanks for the summary, Michael.

                Aside: BSD people - good on ya. This is a welcome improvement. I'll stick with my tools, and you stick with yours.

                E

                Other Aside: Hopefully someone will think to put the kernel build process in git. I'm really tired of finding Linux kernel build system dependency issues and in order to start the process of getting them fixed, I have to deal with Linux Theos.

