Developer | Theo de Raadt et al. |
---|---|
Written in | C, assembly, Perl, Unix shell |
OS family | Unix-like (BSD) |
Working state | Current |
Source model | Free software |
Initial release | July 1996 |
Latest release | 7.6 (8 October 2024 ) [±] |
Repository | |
Package manager | OpenBSD package tools [1] |
Platforms | Alpha, x86-64, ARMv7, ARMv8 (64-bit), PA-RISC, IA-32, LANDISK, Loongson, Omron LUNA-88K, MIPS64, macppc, PowerPC, 64-bit RISC-V, SPARC64 [2] |
Kernel type | Monolithic |
Userland | BSD |
Default user interface | Modified pdksh, X11 (FVWM) |
License | BSD, ISC, other permissive licenses [3] |
Official website | www |
OpenBSD is a security-focused, free software, Unix-like operating system based on the Berkeley Software Distribution (BSD). Theo de Raadt created OpenBSD in 1995 by forking NetBSD 1.0. [4] The OpenBSD project emphasizes portability, standardization, correctness, proactive security, and integrated cryptography. [5]
The OpenBSD project maintains portable versions of many subsystems as packages for other operating systems. Because of the project's preferred BSD license, which allows binary redistributions without the source code, many components are reused in proprietary and corporate-sponsored software projects. The firewall code in Apple's macOS is based on OpenBSD's PF firewall code, [6] Android's Bionic C standard library is based on OpenBSD code, [7] LLVM uses OpenBSD's regular expression library, [8] and Windows 10 uses OpenSSH (OpenBSD Secure Shell) with LibreSSL. [9]
The word "open" in the name OpenBSD refers to the availability of the operating system source code on the Internet, although the word "open" in the name OpenSSH means "OpenBSD". It also refers to the wide range of hardware platforms the system supports. [10] OpenBSD supports a variety of system architectures including x86-64, IA-32, ARM, PowerPC, and 64-bit RISC-V.
In December 1994, Theo de Raadt, a founding member of the NetBSD project, was asked to resign from the NetBSD core team over disagreements and conflicts with the other members of the NetBSD team. [11] [4] In October 1995, De Raadt founded OpenBSD, a new project forked from NetBSD 1.0. The initial release, OpenBSD 1.2, was made in July 1996, followed by OpenBSD 2.0 in October of the same year. [12] Since then, the project has issued a release every six months, each of which is supported for one year.
On 25 July 2007, OpenBSD developer Bob Beck announced the formation of the OpenBSD Foundation, a Canadian non-profit organization formed to "act as a single point of contact for persons and organizations requiring a legal entity to deal with when they wish to support OpenBSD." [13]
In 2024, it announced that the project has modified all files since the original import. [14]
It is hard to determine how widely OpenBSD is used, because the developers do not publish or collect usage statistics.
In September 2005, the BSD Certification Group surveyed 4330 individual BSD users, showing that 32.8% used OpenBSD, [15] behind FreeBSD with 77%, ahead of NetBSD with 16.3% and DragonFly BSD with 2.6% [note 1] . However, the authors of this survey clarified that it is neither "exhaustive" nor "completely accurate", since the survey was spread mainly through mailing lists, forums and word of mouth. This combined with other factors, like the lack of a control group, a pre-screening process or significant outreach outside of the BSD community, makes the survey unreliable for judging BSD usage globally.
OpenBSD features a robust TCP/IP networking stack, and can be used as a router [16] or wireless access point. [17] OpenBSD's security enhancements, built-in cryptography, and packet filter make it suitable for security purposes such as firewalls, [18] intrusion-detection systems, and VPN gateways.
Several proprietary systems are based on OpenBSD, including devices from Armorlogic (Profense web application firewall), Calyptix Security, [19] GeNUA, [20] RTMX, [21] and .vantronix. [22]
Some versions of Microsoft's Services for UNIX, an extension to the Windows operating system to provide Unix-like functionality, use much of the OpenBSD code base that is included in the Interix interoperability suite, [23] [24] developed by Softway Systems Inc., which Microsoft acquired in 1999. [25] [26] Core Force, a security product for Windows, is based on OpenBSD's pf firewall. [27] The pf firewall is also found in other operating systems: including FreeBSD, [28] and macOS. [29]
OpenBSD ships with Xenocara, [30] an implementation of the X Window System, and is suitable as a desktop operating system for personal computers, including laptops. [31] [32] : xl As of September 2018 [update] , OpenBSD includes approximately 8000 packages in its software repository, [33] including desktop environments such as Lumina, GNOME, KDE Plasma, and Xfce, and web browsers such as Firefox and Chromium. [34] The project also includes three window managers in the main distribution: cwm, FVWM (part of the default configuration for Xenocara), and twm. [35]
OpenBSD features a full server suite and can be configured as a mail server, web server, FTP server, DNS server, router, firewall, NFS file server, or any combination of these. Since version 6.8, OpenBSD has also shipped with native in-kernel WireGuard support. [36] [37]
Shortly after OpenBSD was created, De Raadt was contacted by a local security software company named Secure Networks (later acquired by McAfee). [38] [39] The company was developing a network security auditing tool called Ballista, [note 2] which was intended to find and exploit software security flaws. This coincided with De Raadt's interest in security, so the two cooperated leading up to the release of OpenBSD 2.3. [40] This collaboration helped to define security as the focus of the OpenBSD project. [41]
OpenBSD includes numerous features designed to improve security, such as:
strlcat
for strcat
and strlcpy
for strcpy
[42] To reduce the risk of a vulnerability or misconfiguration allowing privilege escalation, many programs have been written or adapted to make use of privilege separation, privilege revocation and chrooting. Privilege separation is a technique, pioneered on OpenBSD and inspired by the principle of least privilege, where a program is split into two or more parts, one of which performs privileged operations and the other—almost always the bulk of the code—runs without privilege. [46] Privilege revocation is similar and involves a program performing any necessary operations with the privileges it starts with then dropping them. Chrooting involves restricting an application to one section of the file system, prohibiting it from accessing areas that contain private or system files. Developers have applied these enhancements to OpenBSD versions of many common applications, such as tcpdump, file, tmux, smtpd, and syslogd. [47]
OpenBSD developers were instrumental in the creation and development of OpenSSH (aka OpenBSD Secure Shell), which is developed in the OpenBSD CVS repositories. OpenBSD Secure Shell is based on the original SSH. [48] It first appeared in OpenBSD 2.6 and is now by far the most popular SSH client and server, available on many operating systems. [49]
The project has a policy of continually auditing source code for problems, work that developer Marc Espie has described as "never finished ... more a question of process than of a specific bug being hunted." He went on to list several typical steps once a bug is found, including examining the entire source tree for the same and similar issues, "try[ing] to find out whether the documentation ought to be amended", and investigating whether "it's possible to augment the compiler to warn against this specific problem." [50]
The OpenBSD website features a prominent reference to the system's security record. Until June 2002, it read:
Five years without a remote hole in the default install!
In June 2002, Mark Dowd of Internet Security Systems disclosed a bug in the OpenSSH code implementing challenge–response authentication. [51] This vulnerability in the OpenBSD default installation allowed an attacker remote access to the root account, which was extremely serious not only to OpenBSD, but also to the large number of other operating systems that were using OpenSSH by that time. [52] This problem necessitated the adjustment of the slogan on the OpenBSD website to:
One remote hole in the default install, in nearly 6 years!
The quote remained unchanged as time passed, until on 13 March 2007, when Alfredo Ortega of Core Security Technologies disclosed a network-related remote vulnerability. [53] The quote was subsequently changed to:
Only two remote holes in the default install, in a heck of a long time!
This statement has been criticized because the default install contains few running services, and many use cases require additional services. [54] Also, because the ports tree contains unaudited third-party software, it is easy for users to compromise security by installing or improperly configuring packages. However, the project maintains that the slogan is intended to refer to a default install and that it is correct by that measure.
One of the fundamental ideas behind OpenBSD is a drive for systems to be simple, clean, and secure by default. The default install is quite minimal, which the project states is to ensure novice users "do not need to become security experts overnight", [55] which fits with open-source and code auditing practices considered important elements of a security system. [56] Additional services are to be enabled manually to make users think of the security implications first.
On 11 December 2010, Gregory Perry, a former technical consultant for the Federal Bureau of Investigation (FBI), emailed De Raadt alleging that the FBI had paid some OpenBSD ex-developers 10 years prior to insert backdoors into the OpenBSD Cryptographic Framework. De Raadt made the email public on 14 December by forwarding it to the openbsd-tech mailing list and suggested an audit of the IPsec codebase. [57] [58] De Raadt's response was skeptical of the report and he invited all developers to independently review the relevant code. In the weeks that followed, bugs were fixed but no evidence of backdoors was found. [59] De Raadt stated "I believe that NetSec was probably contracted to write backdoors as alleged. If those were written, I don't believe they made it into our tree. They might have been deployed as their own product." [60]
In December 2017, Ilja van Sprundel, director at IOActive, gave a talk at the CCC [61] as well as DEF CON, [62] entitled "Are all BSDs created equally? — A survey of BSD kernel vulnerabilities", in which he stated that although OpenBSD was the clear winner of the BSDs in terms of security, "Bugs are still easy to find in those kernels, even in OpenBSD".
Two years later, in 2019, a talk named "A systematic evaluation of OpenBSD's mitigations" was given [63] at the CCC, arguing that while OpenBSD has some effective mitigations, a significant part of them are "useless at best and based on pure luck and superstition", arguing for a more rational approach when it comes to designing them. [64]
Many open source projects started as components of OpenBSD, including:
Some subsystems have been integrated into other BSD operating systems, [73] [74] [75] and many are available as packages for use in other Unix-like systems. [76] [77] [78]
Linux administrator Carlos Fenollosa commented on moving from Linux to OpenBSD that the system is faithful to the Unix philosophy of small, simple tools that work together well: "Some base components are not as feature-rich, on purpose. Since 99% of the servers don't need the flexibility of Apache, OpenBSD's httpd will work fine, be more secure, and probably faster". [79] He characterized the developer community's attitude to components as: "When the community decides that some module sucks, they develop a new one from scratch. OpenBSD has its own NTPd, SMTPd and, more recently, HTTPd. They work great". [79] As a result, OpenBSD is relatively prolific in creating components that become widely reused by other systems.
OpenBSD runs nearly all of its standard daemons within chroot and privsep security structures by default, as part of hardening the base system. [79]
The Calgary Internet Exchange was formed in 2012, in part to serve the needs of the OpenBSD project. [80]
In 2017, Isotop, [81] a French project aiming to adapt OpenBSD to desktops and laptops, using xfce then dwm, started to be developed. [82]
OpenBSD includes a number of third-party components, many with OpenBSD-specific patches, [34] such as X.Org, Clang [83] (the default compiler on several architectures), GCC, [43] [note 3] Perl, NSD, Unbound, ncurses, GNU binutils, GDB, and AWK.
Development is continuous, and team management is open and tiered. Anyone with appropriate skills may contribute, with commit rights being awarded on merit and De Raadt acting as coordinator. [32] : xxxv Two official releases are made per year, with the version number incremented by 0.1, [84] and these are each supported for twelve months (two release cycles). [85] Snapshot releases are also available at frequent intervals.
Maintenance patches for supported releases may be applied using syspatch, manually or by updating the system against the patch branch of the CVS source repository for that release. [86] Alternatively, a system administrator may opt to upgrade to the next snapshot release using sysupgrade, or by using the -current branch of the CVS repository, in order to gain pre-release access to recently added features. The sysupgrade tool can also upgrade to the latest stable release version.
The generic OpenBSD kernel provided by default is strongly recommended for end users, in contrast to operating systems that recommend user kernel customization. [87]
Packages outside the base system are maintained by CVS through a ports tree and are the responsibility of the individual maintainers, known as porters. As well as keeping the current branch up to date, porters are expected to apply appropriate bug-fixes and maintenance fixes to branches of their package for OpenBSD's supported releases. Ports are generally not subject to the same continuous auditing as the base system due to lack of manpower.
Binary packages are built centrally from the ports tree for each architecture. This process is applied for the current version, for each supported release, and for each snapshot. Administrators are recommended to use the package mechanism rather than build the package from the ports tree, unless they need to perform their own source changes.
OpenBSD's developers regularly meet at special events called hackathons, [88] where they "sit down and code", emphasizing productivity. [89]
Most new releases include a song. [90]
OpenBSD is known for its high-quality documentation. [91] [92]
When OpenBSD was created, De Raadt decided that the source code should be available for anyone to read. At the time, a small team of developers generally had access to a project's source code. [93] Chuck Cranor [94] and De Raadt concluded this practice was "counter to the open source philosophy" and inconvenient to potential contributors. Together, Cranor and De Raadt set up the first public, anonymous revision control system server. De Raadt's decision allowed users to "take a more active role", and established the project's commitment to open access. [93] OpenBSD is notable for its continued use of CVS (more precisely an unreleased, OpenBSD-managed fork named OpenCVS), when most other projects that used it have migrated to other systems. [95]
OpenBSD does not include closed source binary drivers in the source tree, nor does it include code requiring the signing of non-disclosure agreements. [96] According to the GNU Project, OpenBSD includes small "blobs" of proprietary object code as device firmware. [97]
Since OpenBSD is based in Canada, no United States export restrictions on cryptography apply, allowing the distribution to make full use of modern algorithms for encryption. For example, the swap space is divided into small sections and each section is encrypted with its own key, ensuring that sensitive data does not leak into an insecure part of the system. [18]
OpenBSD randomizes various behaviors of applications, making them less predictable and thus more difficult to attack. For example, PIDs are created and associated randomly to processes; the bind
system call uses random port numbers; files are created with random inode numbers; and IP datagrams have random identifiers. [98] This approach also helps expose bugs in the kernel and in user space programs.
The OpenBSD policy on openness extends to hardware documentation: in the slides for a December 2006 presentation, De Raadt explained that without it "developers often make mistakes writing drivers", and pointed out that "the [oh my god, I got it to work] rush is harder to achieve, and some developers just give up." [99] He went on to say that vendor-supplied binary drivers are unacceptable for inclusion in OpenBSD, that they have "no trust of vendor binaries running in our kernel" and that there is "no way to fix [them] ... when they break." [99]
OpenBSD maintains a strict license policy, [3] preferring the ISC license and other variants of the BSD license. The project attempts to "maintain the spirit of the original Berkeley Unix copyrights," which permitted a "relatively un-encumbered Unix source distribution." [3] The widely used Apache License and GNU General Public License are considered overly restrictive. [100]
In June 2001, triggered by concerns over Darren Reed's modification of IPFilter's license wording, a systematic license audit of the OpenBSD ports and source trees was undertaken. [101] Code in more than a hundred files throughout the system was found to be unlicensed, ambiguously licensed or in use against the terms of the license. To ensure that all licenses were properly adhered to, an attempt was made to contact all the relevant copyright holders: some pieces of code were removed, many were replaced, and others, such as the multicast routing tools mrinfo and map-mbone, were relicensed so that OpenBSD could continue to use them. [102] [103] Also removed during this audit was all software produced by Daniel J. Bernstein. At the time, Bernstein requested that all modified versions of his code be approved by him prior to redistribution, a requirement to which OpenBSD developers were unwilling to devote time or effort. [104] [105] [106]
Because of licensing concerns, the OpenBSD team has reimplemented software from scratch or adopted suitable existing software. For example, OpenBSD developers created the PF packet filter after unacceptable restrictions were imposed on IPFilter. PF first appeared in OpenBSD 3.0 [107] and is now available in many other operating systems. [108] OpenBSD developers have also replaced GPL-licensed tools (such as CVS and pkg-config) with permissively licensed equivalents. [109] [110]
Although the operating system and its portable components are used in commercial products, De Raadt says that little of the funding for the project comes from the industry: "traditionally all our funding has come from user donations and users buying our CDs (our other products don't really make us much money). Obviously, that has not been a lot of money." [84]
For a two-year period in the early 2000s, the project received funding from DARPA, which "paid the salaries of 5 people to work completely full-time, bought about $30k in hardware, and paid for 3 hackathons", from the POSSE project. [84]
In 2006, the OpenBSD project experienced financial difficulties. [111] The Mozilla Foundation [112] and GoDaddy [113] are among the organizations that helped OpenBSD to survive. However, De Raadt expressed concern about the asymmetry of funding: "I think that contributions should have come first from the vendors, secondly from the corporate users, and thirdly from individual users. But the response has been almost entirely the opposite, with almost a 15-to-1 dollar ratio in favor of the little people. Thanks a lot, little people!" [84]
On 14 January 2014, Bob Beck issued a request for funding to cover electrical costs. If sustainable funding was not found, Beck suggested the OpenBSD project would shut down. [114] The project soon received a US$20,000 donation from Mircea Popescu, the Romanian creator of the MPEx bitcoin stock exchange, paid in bitcoins. [115] The project raised US$150,000 [116] in response to the appeal, enabling it to pay its bills and securing its short-term future. [115]
Formation | July 25, 2007 |
---|---|
Founder | OpenBSD developers |
Legal status | Nonprofit organization |
Location | |
Website | www |
ASN |
The OpenBSD Foundation is a Canadian federal non-profit organization founded by the OpenBSD project as a "single point of contact for persons and organizations requiring a legal entity to deal with when they wish to support OpenBSD." [117] It was announced to the public by OpenBSD developer Bob Beck on 25 July 2007. It also serves as a legal safeguard over other projects which are affiliated with OpenBSD, including OpenSSH, OpenBGPD, OpenNTPD, OpenCVS, OpenSMTPD and LibreSSL. [118]
Since 2014, several large contributions to the OpenBSD Foundation have come from corporations such as Microsoft, [119] Facebook, and Google as well as the Core Infrastructure Initiative. [120]
In 2015, Microsoft became the foundation's first gold level contributor [121] donating between $25,000-50,000 to support development of OpenSSH, which had been integrated into PowerShell in July, and later into Windows Server in 2018. [122] Other contributors include Google, Facebook and DuckDuckGo. [123]
During the 2016 and 2017 fundraising campaigns, Smartisan, a Chinese company, was the leading financial contributor to the OpenBSD Foundation. [124] [125]
OpenBSD is freely available in various ways: the source can be retrieved by anonymous CVS, [126] and binary releases and development snapshots can be downloaded by FTP, HTTP, and rsync. [127] Prepackaged CD-ROM sets through version 6.0 can be ordered online for a small fee, complete with an assortment of stickers and a copy of the release's theme song. These, with their artwork and other bonuses, have been one of the project's few sources of income, funding hardware, Internet service, and other expenses. [128] Beginning with version 6.1, CD-ROM sets are no longer released.
OpenBSD provides a package management system for easy installation and management of programs which are not part of the base operating system. [129] Packages are binary files which are extracted, managed and removed using the package tools. On OpenBSD, the source of packages is the ports system, a collection of Makefiles and other infrastructure required to create packages. In OpenBSD, the ports and base operating system are developed and released together for each version: this means that the ports or packages released with, for example, 4.6 are not suitable for use with 4.5 and vice versa. [129]
Initially, OpenBSD used a haloed version of the BSD daemon mascot drawn by Erick Green, who was asked by De Raadt to create the logo for the 2.3 and 2.4 versions of OpenBSD. Green planned to create a full daemon, including head and body, but only the head was completed in time for OpenBSD 2.3. The body as well as pitchfork and tail was completed for OpenBSD 2.4. [130]
Subsequent releases used variations such as a police daemon by Ty Semaka, [131] but eventually settled on a pufferfish named Puffy. [132] Since then, Puffy has appeared on OpenBSD promotional material and featured in release songs and artwork.
The promotional material of early OpenBSD releases did not have a cohesive theme or design, but later the CD-ROMs, release songs, posters and tee-shirts for each release have been produced with a single style and theme, sometimes contributed to by Ty Semaka of the Plaid Tongued Devils. [90] These have become a part of OpenBSD advocacy, with each release expounding a moral or political point important to the project, often through parody. [133]
Themes have included Puff the Barbarian in OpenBSD 3.3, which included an 80s rock song and parody of Conan the Barbarian alluding to open documentation, [90] The Wizard of OS in OpenBSD 3.7, related to the project's work on wireless drivers, and Hackers of the Lost RAID, a parody of Indiana Jones referencing the new RAID tools in OpenBSD 3.8.
The following table summarizes the version history of the OpenBSD operating system.
Legend: | Old version, not maintained | Old version, still maintained | Current stable version | Future release |
---|
Version | Release date | Supported until | Significant changes |
---|---|---|---|
1.1 | 18 October 1995 |
| |
1.2 | 1 July 1996 |
| |
2.0 | 1 October 1996 | ||
2.1 | 1 June 1997 | Replacement of the older sh with pdksh. [137] | |
2.2 | 1 December 1997 | Addition of the afterboot(8) man page. [138] | |
2.3 | 19 May 1998 | Introduced the haloed daemon, or aureola beastie, in head-only form created by Erick Green. [139] | |
2.4 | 1 December 1998 | Featured the complete haloed daemon, with trident and a finished body. [140] | |
2.5 | 19 May 1999 | Introduced the Cop daemon image done by Ty Semaka. [141] | |
2.6 | 1 December 1999 | Based on the original SSH suite and developed further by the OpenBSD team, 2.6 saw the first release of OpenSSH, which is now available standard on most Unix-like operating systems and is the most widely used SSH suite. [142] | |
2.7 | 15 June 2000 | Support for SSH2 added to OpenSSH. [143] | |
2.8 | 1 December 2000 | isakmpd(8) [144] | |
2.9 | 1 June 2001 | Filesystem performance increases from softupdates and dirpref code. [145] | |
3.0 | 1 December 2001 | E-Railed (OpenBSD Mix), [146] a techno track performed by the release mascot Puff Daddy, the famed rapper and political icon.
| |
3.1 | 19 May 2002 | Systemagic, [147] where Puffy, the Kitten Slayer, battles evil script kitties. Inspired by the works of Rammstein and a parody of Buffy the Vampire Slayer.
| |
3.2 | 1 November 2002 | Goldflipper, [149] a tale in which James Pond, agent 077, super spy and suave lady's man, deals with the dangers of a hostile internet. Styled after the orchestral introductory ballads of James Bond films. | |
3.3 | 1 May 2003 | Puff the Barbarian, [150] born in a tiny bowl; Puff was a slave, now he hacks through the C, searching for the Hammer. It is an 80s rock-style song and parody of Conan the Barbarian dealing with open documentation.
| |
3.4 | 1 November 2003 | The Legend of Puffy Hood where Sir Puffy of Ramsay, [151] a freedom fighter who, with Little Bob of Beckley, took from the rich and gave to all. Tells of the POSSE project's cancellation. An unusual blend of both hip-hop and medieval-style music, a parody of the tale of Robin Hood intended to express OpenBSD's attitude to free speech.
| |
3.5 | 1 May 2004 | CARP License and Redundancy must be free, [155] where a fish seeking to license his free redundancy protocol, CARP, finds trouble with the red tape. A parody of the Fish Licence skit and Eric the Half-a-Bee Song by Monty Python, with an anti-software patents message.
| |
3.6 | 1 November 2004 | Pond-erosa Puff (live) was the tale of Pond-erosa Puff, [162] a no-guff freedom fighter from the wild west, set to hang a lickin' on no-good bureaucratic nerds who encumber software with needless words and restrictions. The song was styled after the works of Johnny Cash, a parody of the Spaghetti Western and Clint Eastwood and inspired by liberal license enforcement.
| |
3.7 | 19 May 2005 | The Wizard of OS , [165] where Puffathy, a little Alberta girl, must work with Taiwan to save the day by getting unencumbered wireless. This release was styled after the works of Pink Floyd and a parody of The Wizard of Oz; this dealt with wireless hacking. [166] | |
3.8 | 1 November 2005 | 1 November 2006 | Hackers of the Lost RAID, [167] which detailed the exploits of Puffiana Jones, famed hackologist and adventurer, seeking out the Lost RAID, Styled after the radio serials of the 1930s and 40s, this was a parody of Indiana Jones and was linked to the new RAID tools featured as part of this release. This is the first version released without the telnet daemon which was completely removed from the source tree by Theo de Raadt in May 2005. [168] |
3.9 | 1 May 2006 | 1 May 2007 | Attack of the Binary BLOB, [170] which chronicles the developer's fight against binary blobs and vendor lock-in, [171] a parody of the 1958 film The Blob and the pop-rock music of the era. |
4.0 | 1 November 2006 | 1 November 2007 | Humppa Negala, [172] a Hava Nagilah parody with a portion of Entrance of the Gladiators and Humppa music fused together, with no story behind it, simply a homage to one of the OpenBSD developers' favorite genres of music. [173] |
4.1 | 1 May 2007 | 1 May 2008 | Puffy Baba and the 40 Vendors, [175] a parody of the Arabic fable Ali Baba and the Forty Thieves, part of the book of One Thousand and One Nights, in which Linux developers are mocked over their allowance of non-disclosure agreements when developing software while at the same time implying hardware vendors are criminals for not releasing documentation required to make reliable device drivers. [176]
|
4.2 | 1 November 2007 | 1 November 2008 | 100001 1010101, [179] the Linux kernel developers gets a knock for violating the ISC-style license of OpenBSD's open hardware abstraction layer for Atheros wireless cards.
|
4.3 | 1 May 2008 | 1 May 2009 | Home to Hypocrisy [181] [182] |
4.4 | 1 November 2008 | 18 October 2009 | Trial of the BSD Knights, [183] summarizes the history of BSD including the USL v. BSDi lawsuit. The song was styled after the works of Star Wars.
|
4.5 | 1 May 2009 | 19 May 2010 | Games. It was styled after the works of Tron. [186]
|
4.6 | 18 October 2009 | 1 November 2010 | Planet of the Users. [189] In the style of Planet of the Apes , Puffy travels in time to find a dumbed-down dystopia, where "one very rich man runs the earth with one multinational". Open-source software has since been replaced by one-button computers, one-channel televisions, and closed-source software which, after you purchase it, becomes obsolete before you have a chance to use it. People subsist on soylent green. The theme song is performed in the reggae rock style of The Police.
|
4.7 | 19 May 2010 | 1 May 2011 | I'm Still Here [190] |
4.8 | 1 November 2010 | 1 November 2011 | El Puffiachi. [191] [192]
|
4.9 | 1 May 2011 | 1 May 2012 | The Answer. [193]
|
5.0 | 1 November 2011 | 1 November 2012 | What Me Worry?. [194] |
5.1 | 1 May 2012 | 1 May 2014 | Bug Busters. The song was styled after the works of Ghostbusters. [195] |
5.2 | 1 November 2012 | 1 November 2013 | Aquarela do Linux. [196]
|
5.3 | 1 May 2013 | 1 May 2014 | Blade Swimmer. The song was styled after the works of Roy Lee, a parody of Blade Runner. [197]
|
5.4 | 1 November 2013 | 1 November 2014 | Our favorite hacks, a parody of My Favorite Things. [198] |
5.5 | 1 May 2014 | 1 May 2015 | Wrap in Time. [199]
|
5.6 | 1 November 2014 | 18 October 2015 | Ride of the Valkyries. [200]
|
5.7 | 1 May 2015 | 29 March 2016 | Source Fish. [201]
|
5.8 | 18 October 2015 | 1 September 2016 | 20 years ago today, Fanza, So much better, A Year in the Life. [202] (20th anniversary release [203] )
|
5.9 | 29 March 2016 | 11 April 2017 | Doctor W^X, Systemagic (Anniversary Edition). [204]
|
6.0 | 1 September 2016 | 9 October 2017 | Another Smash of the Stack, Black Hat, Money, Comfortably Dumb (the misc song), Mother, Goodbye and Wish you were Secure, Release songs parodies of Pink Floyd's The Wall, Comfortably Numb and Wish You Were Here. [205] |
6.1 | 11 April 2017 | 15 April 2018 | Winter of 95, a parody of Summer of '69. [208]
|
6.2 | 9 October 2017 | 18 October 2018 | A three-line diff [209]
|
6.3 | 2 April 2018 | 3 May 2019 |
|
6.4 | 18 October 2018 | 17 October 2019 |
|
6.5 | 24 April 2019 | 19 May 2020 |
|
6.6 | 17 October 2019 | 18 October 2020 |
|
6.7 | 19 May 2020 | 1 May 2021 |
|
6.8 | 18 October 2020 | 14 October 2021 |
|
6.9 | 1 May 2021 | 21 April 2022 [note 5] |
|
7.0 | 14 October 2021 | 20 October 2022 [note 5] | |
7.1 | 21 April 2022 | 10 April 2023 [note 5] | |
7.2 | 20 October 2022 | 16 October 2023 [note 5] |
|
7.3 | 10 April 2023 | 5 April 2024 [note 5] |
|
7.4 | 16 October 2023 | 8 October 2024 [note 5] |
|
7.5 | 5 April 2024 | May 2025 [note 5] |
|
7.6 | 8 October 2024 | Oct 2025 [note 5] |
|
Lynx is a customizable text-based web browser for use on cursor-addressable character cell terminals. As of 2024, it is the oldest web browser still being maintained, having started in 1992.
PF is a BSD licensed stateful packet filter, a central piece of software for firewalling. It is comparable to netfilter (iptables), ipfw, and ipfilter.
Theo de Raadt is a South African-born software engineer who lives in Calgary, Canada. He is the founder and leader of the OpenBSD and OpenSSH projects and was also a founding member of NetBSD. In 2004, De Raadt won the Free Software Award for his work on OpenBSD and OpenSSH.
Systrace is a computer security utility which limits an application's access to the system by enforcing access policies for system calls. This can mitigate the effects of buffer overflows and other security vulnerabilities. It was developed by Niels Provos and runs on various Unix-like operating systems.
IPFilter is an open-source software package that provides firewall services and network address translation (NAT) for many Unix-like operating systems. The author and software maintainer is Darren Reed. IPFilter supports both IPv4 and IPv6 protocols, and is a stateful firewall.
OpenNTPD is a Unix daemon implementing the Network Time Protocol to synchronize the local clock of a computer system with remote NTP servers. It is also able to act as an NTP server to NTP-compatible clients.
The OpenBSD operating system focuses on security and the development of security features. According to author Michael W. Lucas, OpenBSD "is widely regarded as the most secure operating system available anywhere, under any licensing terms."
Ports collections are the sets of makefiles and patches provided by the BSD-based operating systems, FreeBSD, NetBSD, and OpenBSD, as a simple method of installing software or creating binary packages. They are usually the base of a package management system, with ports handling package creation and additional tools managing package removal, upgrade, and other tasks. In addition to the BSDs, a few Linux distributions have implemented similar infrastructure, including Gentoo's Portage, Arch's Arch Build System (ABS), CRUX's Ports and Void Linux's Templates.
There are a number of Unix-like operating systems based on or descended from the Berkeley Software Distribution (BSD) series of Unix variant options. The three most notable descendants in current use are FreeBSD, OpenBSD, and NetBSD, which are all derived from 386BSD and 4.4BSD-Lite, by various routes. Both NetBSD and FreeBSD started life in 1993, initially derived from 386BSD, but in 1994 migrated to a 4.4BSD-Lite code base. OpenBSD was forked from NetBSD in 1995. Other notable derivatives include DragonFly BSD, which was forked from FreeBSD 4.8.
Wireless network cards for computers require control software to make them function. This is a list of the status of some open-source drivers for 802.11 wireless network cards.
The Portable C Compiler is an early compiler for the C programming language written by Stephen C. Johnson of Bell Labs in the mid-1970s, based in part on ideas proposed by Alan Snyder in 1973, and "distributed as the C compiler by Bell Labs... with the blessing of Dennis Ritchie."
FreeBSD is a free and open-source Unix-like operating system descended from the Berkeley Software Distribution (BSD). The first version of FreeBSD was released in 1993 developed from 386BSD and the current version runs on IA-32, x86-64, ARM, PowerPC and RISC-V processors. The project is supported and promoted by the FreeBSD Foundation.
Helith Network is a hacker collective active since 1999 and is a globally spread community. It is suspected that Helith is affiliated to specialists in the field of malware and network security.
OpenSSH is a suite of secure networking utilities based on the Secure Shell (SSH) protocol, which provides a secure channel over an unsecured network in a client–server architecture.
NetBSD is a free and open-source Unix-like operating system based on the Berkeley Software Distribution (BSD). It was the first open-source BSD descendant officially released after 386BSD was forked. It continues to be actively developed and is available for many platforms, including servers, desktops, handheld devices, and embedded systems.
OpenSMTPD is a Unix daemon implementing the Simple Mail Transfer Protocol to deliver messages on a local machine or to relay them to other SMTP servers. It was publicly released on 17 March 2013 with version number 5.3, after being in development since late 2008.
The OpenBSD Cryptographic Framework (OCF) is a service virtualization layer for the uniform management of cryptographic hardware by an operating system. It is part of the OpenBSD Project, having been included in the operating system since OpenBSD 2.8. Like other OpenBSD projects such as OpenSSH, it has been ported to other systems based on Berkeley Unix such as FreeBSD and NetBSD, and to Solaris and Linux. One of the Linux ports is supported by Intel for use with its proprietary cryptographic software and hardware to provide hardware-accelerated SSL encryption for the open source Apache HTTP Server.
LibreSSL is an open-source implementation of the Transport Layer Security (TLS) protocol. The implementation is named after Secure Sockets Layer (SSL), the deprecated predecessor of TLS, for which support was removed in release 2.3.0. The OpenBSD project forked LibreSSL from OpenSSL 1.0.1g in April 2014 as a response to the Heartbleed security vulnerability, with the goals of modernizing the codebase, improving security, and applying development best practices.
The hw.sensors framework is a kernel-level hardware sensors framework originating from OpenBSD, which uses the sysctl kernel interface as the transport layer between the kernel and the userland. As of 2019, the framework is used by over a hundred device drivers in OpenBSD to export various environmental sensors, with temperature sensors being the most common type. Consumption and monitoring of sensors is done in the userland with the help of sysctl, systat, sensorsd, OpenBSD NTP Daemon, Simple Network Management Protocol (snmpd), ports/sysutils/symon and GKrellM.
The bio(4) pseudo-device driver and the bioctl(8) utility implement a generic RAID volume management interface in OpenBSD and NetBSD. The idea behind this software is similar to ifconfig, where a single utility from the operating system can be used to control any RAID controller using a generic interface, instead of having to rely on many proprietary and custom RAID management utilities specific for each given hardware RAID manufacturer. Features include monitoring of the health status of the arrays, controlling identification through blinking the LEDs and managing of sound alarms, and specifying hot spare disks. Additionally, the softraid
configuration in OpenBSD is delegated to bioctl as well; whereas the initial creation of volumes and configuration of hardware RAID is left to card BIOS as non-essential after the operating system has already been booted. Interfacing between the kernel and userland is performed through the ioctl
system call through the /dev/bio
pseudo-device.
RTMX O/S is a product extension to OpenBSD Unix-like operating system with emphasis on embedded, dedicated applications.
The Next Generation Firewall is not a standalone device, it is a Router for operation in security critical environments with high requirements for availability, comprehensive support as well as reliable and trusted systems powered by OpenBSD.
CORE FORCE provides inbound and outbound stateful packet filtering for TCP/IP protocols using a Windows port of OpenBSD's PF firewall, granular file system and registry access control and programs' integrity validation.
OpenBSD ships with the cwm(1), fvwm(1) and twm(1) window managers, [...]
Without [SNI's] support at the right time, this release probably would not have happened.
Privilege separation: [...] The concept is now used in many OpenBSD programs, for example [...] etc.
Secure by Default.
This is the port of OpenBSD's excellent OpenSSH to Linux and other Unices.
This is the port of OpenBSD's excellent OpenSSH to Linux and other Unices.
I also hosted and helped create the first Anonymous CVS server on the Internet (the original anoncvs.openbsd.org [...]
Integrate good code from any source with acceptable licenses. [...], NDAs are never acceptable.
New license from Xerox! This code is now FREE! Took a while and a lot of mails, but it is worth it.
New license from Xerox! This code is now FREE! Took a while and a lot of mails, but it is worth it.
{{cite web}}
: CS1 maint: numeric names: authors list (link)OpenBSD 2.5 introduces the new Cop daemon image done by cartoonist Ty Semeka.
Each OpenBSD release has a graphical theme and a song that goes with it. The theme reflects a major concern that the OpenBSD programmers are addressing or bringing to light.
Removed files: libexec/telnetd
{{cite book}}
: |website=
ignored (help)