OpenBSD
A free (as in freedom) UNIX-like system from the BSD family. The founder and leader of the project is Theo de Raadt, a Canadian programmer and computer security expert.
Pic 1. OpenBSD - random desktop
Puffy
OpenBSD's mascot is Puffy, a fish from the Tetraodontidae family, often confused with the Diodontidae family. Learn more about the fascinating residents of the Red Sea.
Security — Secure by Default
OpenBSD includes many mechanisms that raise the system's security level. To name a few:
- integration of the strong cryptographic algorithms,
- hardware cryptographic accelerators support,
- integrated PF firewall,
- ability to encrypt disk I/O operations using a vnconfig -k pseudo-device,
- continuous audit of the security-critical parts of the system's code,
- randomization in every possible area of the system,
- memory protection mechanisms (W^X, .rodata segment, guard pages, atexit() and stdio protection),
- safe memory allocation functions: strlcpy and strlcat.
Additionally, the sysjail tool can be used; it is designed to be a close replacement for FreeBSD jails.
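The strlcpy and strlcat functions named in the list above always terminate the destination and report truncation through their return value, which lets the caller reject an oversized input instead of silently using a cut-off string. An added example, not code from the original page or from OpenBSD: the ex_ functions re-implement the documented behaviour for illustration, and join_path and the sample paths are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* ex_strlcpy/ex_strlcat re-implement the documented strlcpy/strlcat behaviour
 * for this example; they are not OpenBSD's libc source. */

/* Copy src into dst (size bytes in total); always NUL-terminates if size > 0.
 * Returns strlen(src), so a result >= size means the copy was truncated. */
size_t ex_strlcpy(char *dst, const char *src, size_t size)
{
    size_t srclen = strlen(src);
    if (size > 0) {
        size_t n = srclen < size - 1 ? srclen : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Append src to dst (size bytes in total). Returns the length the complete
 * string needs; a result >= size means it was truncated. */
size_t ex_strlcat(char *dst, const char *src, size_t size)
{
    size_t dlen = 0;
    while (dlen < size && dst[dlen] != '\0')
        dlen++;
    if (dlen == size)               /* dst is not terminated within size */
        return size + strlen(src);
    return dlen + ex_strlcpy(dst + dlen, src, size - dlen);
}

/* Build "dir/file" in out. Returns 0 on success, -1 if it does not fit. */
int join_path(char *out, size_t size, const char *dir, const char *file)
{
    if (ex_strlcpy(out, dir, size) >= size) return -1;
    if (ex_strlcat(out, "/", size) >= size) return -1;
    if (ex_strlcat(out, file, size) >= size) return -1;
    return 0;
}

int main(void)
{
    char fits[16], small[8];        /* constructed sample buffers */
    int ok = join_path(fits, sizeof fits, "/usr/ports", "x11");
    int bad = join_path(small, sizeof small, "/usr/ports", "x11");
    printf("%d \"%s\"\n%d \"%s\"\n", ok, fits, bad, small);
    return 0;
}
```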
In contrast to the creators of other operating systems, OpenBSD's developers do not assume that the user is a computer security expert. The system is fully secured out of the box. Laborious tweaking and security hardening are not necessary. There have been only two remote holes in the default install in more than 10 years! That's why the OpenBSD motto is "Secure by Default".
The programmers react quickly to security threats, publishing patches soon after a problem is found. Software in ports is also updated when security vulnerabilities are found. This is the result of one of OpenBSD's assumptions: "Do not let serious problems sit unsolved."
Some interesting comparisons between OpenBSD and other systems in terms of security can be found in the Wikipedia entry: Comparison of operating systems (security). The respected Secunia company also publishes OpenBSD security statistics.
Closed binary drivers issue
OpenBSD's programmers do not allow the system to contain any closed binary drivers, called blobs, for which no source code is available. These kinds of drivers can be (and often are) a security problem and have many disadvantages:
- may contain bugs that are worked around, not fixed,
- may be unsupported by vendor at any time,
- may not be supported by OpenBSD's developers,
- may not be fixed by OpenBSD's developers,
- may not be improved by OpenBSD's developers,
- may not be audited,
- are tied to a particular platform,
- are often bloated (too big and overloaded).
Most programmers of other operating systems take a pragmatic approach and accept closed binary drivers, especially in the area of 3D acceleration. OpenBSD's programmers take an idealistic approach: instead of incorporating such drivers, they ask vendors for specifications and documentation. See VendorWatch and Vendors. One of OpenBSD's songs describes the blob problem.
Ports system
The project borrowed the FreeBSD ports system. The two are now developed separately, so the systems are not compatible, but they are quite similar.
Ports allow you to install additional software directly from source code. Installing software is trivial: go to the proper directory in ports and type make install (for example, # cd /usr/ports/x11/ratpoison/; make install installs the ratpoison window manager). The advantage is the ability to customize all settings to one's preferences (flavors and subpackages). The disadvantage is the sometimes long compilation time, especially for big programs such as KDE or GNOME.
Precompiled binary packages do not give such flexibility, but the installation time is much shorter (ratpoison window manager installation: # pkg_add -v ratpoison; the PKG_PATH variable should be set). In both cases dependencies are resolved automatically. It is very easy to list outdated packages (the # /usr/ports/infrastructure/build/out-of-date script) or to update all of them (# pkg_add -u). It is also possible to simulate an upgrade without actually performing it (# pkg_add -n package_name).
The ports need to be updated regularly through cvs or the much faster cvsup. One may download and uncompress the ports.tar.gz file to shorten the ports installation time. You can fetch the stable version of this file from the main FTP server or from the mirrors (strongly recommended). For users of OpenBSD current, a snapshot of the unstable ports version is also available. An example cvsup server is cvsup.uk.openbsd.org, and an example cvs server is anoncvs@anoncvs1.ca.openbsd.org:/cvs. Full lists of cvsup and cvs servers are available.
Ports are well documented. The man pages ports(7), bsd.port.mk(5) and packages(7) are also available online.
Documentation
Although all major BSD systems are pretty well documented, OpenBSD stands out for its documentation. The documentation is complete, polished and covers all aspects of the system. The user is required to spend a lot of time reading and learning the man pages. There is also a large FAQ with the most popular questions. There is, however, no handbook like the one for FreeBSD or NetBSD.
After installation
After finishing the OpenBSD installation, it is worth reading the afterboot man page, which contains much useful information for new users, and updating OpenBSD. After the update, the /usr/ports/sysutils/mergemaster program (remember to install ports) is very convenient for merging the /etc configuration files.
Several books about OpenBSD have been published. Commercial support is available.
External OpenBSD resources
- Official OpenBSD website
- OpenBSD 4.3 release errata & patch list
- OpenBSD timeline
- OpenBSD@Wikipedia
- OpenBSD@DistroWatch
- OpenBSD@OSNews
- OpenBSD@OnLamp
- OpenBSD@Open Directory
- Alternative OpenBSD banners
- (Un) supported hardware for i386 platform
- OpenBSD server hardware compatibility list
News
- OpenBSD news@DistroWatch
- OpenBSD Journal
- Hackathons
- OpenBSD Media Coverage
- OpenBSD events
- OpenBSD News
- OpenBSD news@KernelTrap
- OpenBSD Conference
- OpenBSD commit stats
- LuckyBSD Blog
Documentation, guides and tips
- Documentation
- The OpenBSD Bookstore
- OpenBSD Wiki
- Using OpenBSD 4.2
- "OpenBSD 101" tutorial
- BSD: Linux With a Twist
- OpenBSDsupport
- OpenBSD tutorials
- MultiBoot — OpenBSD and FAT/NTFS Windows
- OpenBSD Presentations and Papers
- OpenBSD Explained
- Hardening OpenBSD Internet Servers
- Making a bootable OpenBSD installation CDROM
- OpenBSD Packet Filter (PF)
- Firewalling with OpenBSD's PF packet filter
- Software RAID on OpenBSD using RAIDframe
- RAIDing OpenBSD
- OpenBSD SNMP MIBs
- Monitoring PF firewalls for health and performance
- Setting up an IPv6 Test Lab
- Dual booting and swap sharing: OpenBSD and Debian GNU/Linux
Software
Help, forums, community
- OpenBSD Foundation
- OpenBSD subforums: BSDForums, KernelTrap, Nabble Forums, BSDnexus Forums
Derivative works and LiveCD
Reviews
- 4.3: www.ibm.com/developerworks
- 4.2: www.softwareinreview.com
- 4.1: www.softwareinreview.com
- 4.0: www.softwareinreview.com, InfoWorld
- 3.9: developerWorks, InformIT, Software in Review
- 3.8: NewsForge
- 3.7: Flavio’s TechnoTalk, ImprovedSource, NewsForge
- 3.6: NewsForge, eWeek
- 3.5: NewsForge, DistroWatch, BSDartwork.com
- 3.4: OSNews
- 3.3: eWeek, ZDNet Australia
- A First Ever Look Inside The Defcon Network Operations Center
- NetBSD vs. OpenBSD: out-of-box experience
Interviews
- Theo de Raadt: www.youtube.com, kerneltrap.org, en.epochtimes.com, bsd.slashdot.org, os.newsforge.com, ezine.daemonnews.org, kerneltrap.org, kerneltrap.org, www.computerworld.com.au, www.forbes.com, www.youtube.com
- Felix Kronlage, Ken Westerback, Wim Vandeputte, Henning Brauer, Fernando Gont, Joris Vink, Miod Vallat
- Editors Blog - Looking Forward to 4.3
- Puffy's Marathon: What's New in OpenBSD 4.2
- OpenBSD: Free As In Air
- OpenBSD 4.1: Puffy Strikes Again
- OpenBSD 4.0: Pufferix's Adventures
- OpenBSD 3.7: The Wizard of OS
- OpenBSD PF Developer Interview
- The Essence of OpenBSD
- More on OpenBSD's new compiler
- bsdtalk: Peter N. M. Hansteen, William Hurley, Matthieu Herrb, Jason Dixon, Robert Ricci, Pierre-Yves Ritschard, Ty Semaka, Claudio Jeker, Mike Erdely, Jason Wright, David Gwynne, Marc Balmer, Christoph Egger, Bob Beck
Download
- 4.3: i386, amd64 [MD5 checksums]
- Order official CDs
Screenshots
9 Comments
The “OpenBSD gadgets” link contains several acts of copyright violation, it should not be linked here because of that. OpenBSD’s graphics are not permitted for that kind of usage.
I removed the link. Thanks for the information.
It’s the best system which I have ever used!!! But it isn’t for newbie… ;]
[...] Source: da, polishlinux! For information, its two little cousins already existed: Anonym-OS and OliveBSD These icons link to social bookmarking sites where readers can share and discover new web pages. [...]
Nice short summary.
Here you are another link:
http://www.aei.mpg.de/~pau/zen_process_obsd.html
for dual booting with linux
I have a question: What wm are you using in the screenshot? blackbox?
It looks very nice. And what mail notificator programme are you using?
Cheers
http://nate.my-balls.com/reference/?content=graphics&menu=appendices has some additional banners, even a couple background images.
nelly fertado lyrics…
Thanks for the nice read, keep up the interesting posts…..
It’s not the FreeBSD ports system anymore, it hasn’t been for a while. It just works similarly still. There was a ground-up remake of the tools a while back.
This is a great overview.
Some updates for OpenBSD 4.4 …
Current version: 4.4
Video review: OpenBSD 4.4 released
O'Reilly interview: Source Wars - Return of the Puffy: What’s New in OpenBSD 4.4
ports: OpenPorts.se