OpenBSD facts for kids
![]() Free, Functional, and Secure
|
|
![]() OpenBSD 7.0 default desktop with various utilities: top, xterm, xcalc, and glxgears
|
|
Company / developer | Theo de Raadt et al. |
---|---|
Programmed in | C, assembly, Perl, Unix shell |
OS family | Unix-like (BSD) |
Working state | Current |
Source model | Open source |
Initial release | July 1996 |
Package manager | OpenBSD package tools |
Supported platforms | Alpha, x86-64, ARMv7, ARMv8 (64-bit), PA-RISC, IA-32, LANDISK, Loongson, Omron LUNA-88K, MIPS64, macppc, PowerPC, 64-bit RISC-V, SPARC64 |
Kernel type | Monolithic |
Userland | BSD |
Default user interface | Modified pdksh, X11 (FVWM) |
License | BSD, ISC, other permissive licenses |
OpenBSD is a special kind of operating system that focuses on security. It's also free and open-source, meaning anyone can use, change, and share its code. OpenBSD is based on Unix-like systems, specifically the Berkeley Software Distribution (BSD).
Theo de Raadt started OpenBSD in 1995. He created it by taking the code from NetBSD 1.0 and making his own version. The OpenBSD project cares a lot about making software that works on many different computers (portability). They also focus on following rules (standardization), fixing mistakes (correctness), and building in cryptography (secret codes) for safety.
The OpenBSD project also makes many parts of its system available for other operating systems. For example, the firewall in Apple's macOS uses code from OpenBSD's PF firewall. Also, Windows 10 uses OpenSSH (OpenBSD Secure Shell), which helps you connect to other computers safely.
The word "open" in OpenBSD means that its source code is available for everyone to see on the Internet. It also means that OpenBSD works on many different types of computers. This includes common ones like x86-64 and ARM, and others like PowerPC.
Contents
History of OpenBSD
In December 1994, Theo de Raadt was a founding member of the NetBSD project. He left the NetBSD team because of disagreements. In October 1995, De Raadt started OpenBSD. This new project was based on NetBSD 1.0.
The first release, OpenBSD 1.2, came out in July 1996. OpenBSD 2.0 followed in October of the same year. Since then, the project has released a new version every six months. Each version is supported for one year.
In 2007, OpenBSD developers created the OpenBSD Foundation. This is a non-profit group in Canada. Its goal is to help people and organizations support OpenBSD legally.
How Many People Use OpenBSD?
It's hard to know exactly how many people use OpenBSD. The developers don't track or share these numbers.
In 2005, a survey of 4,330 BSD users showed that 32.8% used OpenBSD. This was less than FreeBSD (77%) but more than NetBSD (16.3%). However, the survey creators said it wasn't perfect. It mainly reached people through online groups, so it might not show the full picture.
What OpenBSD Is Used For
OpenBSD is known for being very secure and stable. This makes it useful for many different jobs.
Network Devices
OpenBSD has strong TCP/IP networking features. It can be used as a router or a wireless access point. Its security features, built-in cryptography, and packet filter make it great for security. This includes firewalls, systems that detect attacks, and VPN gateways.
Some companies use OpenBSD as the base for their own security products.
Other Operating Systems
Parts of OpenBSD's code are used in other operating systems. For example, some versions of Microsoft's Windows Services for UNIX use OpenBSD code. The pf firewall from OpenBSD is also used in FreeBSD and macOS.
Personal Computers
OpenBSD comes with Xenocara, which is its version of the X Window System. This means it can be used as a desktop system for personal computers, including laptops. As of 2018, OpenBSD had about 8,000 software packages available. These include desktop environments like GNOME and Xfce, and web browsers like Firefox and Chromium.
Servers
OpenBSD has all the tools needed for a server. It can be set up as a mail server, web server, FTP server, DNS server, router, firewall, or NFS file server. Since version 6.8, OpenBSD also includes WireGuard support, which is a modern VPN technology.
Security Focus
OpenBSD is very focused on security. When OpenBSD was new, Theo de Raadt worked with a security company. This helped make security the main goal of the OpenBSD project.
OpenBSD has many features to make it more secure:
- It uses safer ways to handle data in its C programming library.
- It has tools that check code for problems.
- It uses memory protection to stop unauthorized access.
- It uses strong cryptography and randomization to make things harder for attackers.
- It limits what programs can do, like what files they can access.
To make it harder for attackers to take control, many programs in OpenBSD are designed with "privilege separation." This means a program is split into parts. One part does sensitive tasks with special permissions, while the main part runs with very few permissions. This limits damage if a program is attacked.
OpenBSD developers also created OpenSSH (OpenBSD Secure Shell). This tool helps you connect to other computers securely. It's based on the original SSH and is now used on many operating systems.
The project constantly checks its own code for security problems. Developers look for bugs and try to fix them. They also try to improve the tools that help find these bugs.
OpenBSD's Security Track Record
OpenBSD is famous for its security record. For many years, their website proudly stated:
Five years without a remote hole in the default install!
In 2002, a serious bug was found in OpenSSH. This bug allowed an attacker to gain full control of a computer from far away. Because OpenSSH was used widely, this was a big deal. The slogan on the OpenBSD website changed to:
One remote hole in the default install, in nearly 6 years!
In 2007, another remote security problem was found. The slogan changed again:
Only two remote holes in the default install, in a heck of a long time!
Some people have criticized this slogan. They say the default OpenBSD installation has very few running services. If you add more software, you might introduce new security risks. However, the project says the slogan only refers to the basic, default installation, which is very secure.
OpenBSD believes in making systems simple and secure by default. The basic installation is very minimal. This helps new users stay safe without needing to be security experts right away. Users must manually turn on extra services, which makes them think about security first.
Alleged Backdoor
In 2010, a former FBI consultant claimed that the FBI paid some OpenBSD developers to add secret backdoors. These backdoors would allow unauthorized access. Theo de Raadt made this claim public and asked developers to check the code. They fixed some bugs, but found no evidence of backdoors. De Raadt thought that if backdoors were written, they probably didn't make it into OpenBSD's main code.
Criticisms of Security
In 2017, a security expert named Ilja van Sprundel said that even though OpenBSD was the most secure BSD system, "Bugs are still easy to find in those kernels."
In 2019, another talk at a conference argued that while OpenBSD has good security features, some of them might not be as effective as believed. They suggested a more scientific approach to designing security measures.
Key Projects Started by OpenBSD
Many open-source projects began as parts of OpenBSD. These projects are often used in other operating systems too.
- bioctl: A tool to manage RAID storage systems.
- CARP: A free way to make network systems more reliable.
- cwm: A simple window manager for the desktop.
- doas: A safer replacement for the `sudo` command.
- OpenBSD httpd: OpenBSD's own web server.
- hw.sensors: A system for reading hardware sensors.
- LibreSSL: A version of SSL and TLS protocols, made from OpenSSL.
- OpenBGPD: A tool for managing network routing.
- OpenIKED: A tool for secure network connections.
- OpenNTPD: A simpler way to keep computer clocks accurate.
- OpenOSPFD: A tool for managing network routing.
- OpenSMTPD: An email server.
- OpenSSH: A very popular tool for secure remote connections.
- PF: A powerful firewall for network traffic.
- pfsync: A way to keep firewall settings in sync for high reliability.
- sndio: A small system for audio and MIDI.
- spamd: A spam filter that works with the PF firewall.
- Xenocara: OpenBSD's custom version of the X.Org system.
Many of these tools are used by other Unix-like systems. OpenBSD developers often create new tools from scratch if they feel existing ones are not good enough. This leads to many useful components that other systems adopt.
OpenBSD runs most of its standard programs in a very secure way. This means they are limited in what they can access on the system.
How OpenBSD Is Developed
OpenBSD is always being developed. Anyone with the right skills can help. New versions are released twice a year, and each is supported for 12 months. There are also "snapshot" releases available often.
Users can update their systems with patches using `syspatch`. They can also upgrade to newer versions using `sysupgrade`. The standard OpenBSD kernel is recommended for most users.
Software not part of the main system is managed through a "ports tree." This is a collection of instructions for building software packages. OpenBSD builds these packages centrally for different computer types. It's usually best for users to install these pre-built packages.
OpenBSD developers often meet at special events called "hackathons." Here, they work together intensely on coding. Most new releases also come with a unique song!
Open Source and Documentation
OpenBSD is known for its good documentation.
When OpenBSD started, its creator, Theo de Raadt, decided that the source code should be open to everyone. This was unusual at the time. This decision allowed more people to help improve the project. OpenBSD still uses a system called CVS (or its own version, OpenCVS) to manage its code.
OpenBSD does not include secret, "closed source" drivers. They also don't use code that requires signing non-disclosure agreements. This means all the code is open for review.
Because OpenBSD is based in Canada, it doesn't have the same export rules for cryptography as the United States. This allows it to use strong encryption. For example, sensitive data on the system is encrypted to keep it safe.
OpenBSD also makes many things random. This makes it harder for attackers to predict how the system works. For example, process IDs and port numbers are random. This also helps find bugs in the system.
OpenBSD believes that hardware companies should provide documentation for their devices. Without it, developers can make mistakes when writing drivers. They also don't trust closed-source drivers from vendors because they can't fix them if they break.
Licensing Rules
OpenBSD has strict rules about software licenses. They prefer licenses like the ISC license and other BSD licenses. These licenses allow people to use and share the code freely. They consider licenses like the Apache License and GNU General Public License to be too restrictive.
In 2001, OpenBSD checked all its code for licensing issues. They found some code that wasn't properly licensed. They either removed it, replaced it, or got new permission to use it. For example, they removed all software from Daniel J. Bernstein because he required approval for any changes.
Because of these license concerns, OpenBSD developers have rewritten software from scratch. For instance, they created the PF packet filter after problems with another firewall's license. PF first appeared in OpenBSD 3.0 and is now used in many other operating systems. OpenBSD has also replaced tools licensed under the GPL with more open alternatives.
Funding OpenBSD
Even though OpenBSD is used in many commercial products, most of its funding doesn't come from companies. Instead, it comes from user donations and people buying their CD-ROMs.
In the early 2000s, the project received some funding from DARPA. This helped pay developers and buy hardware.
In 2006, OpenBSD faced financial problems. Organizations like the Mozilla Foundation and GoDaddy helped them. However, Theo de Raadt noted that most of the money came from individual users, not big companies.
In 2014, OpenBSD needed money to cover electricity costs. They received a large donation from Mircea Popescu, a bitcoin creator. The project raised enough money to secure its future for a while.
OpenBSD Foundation
Formation | July 25, 2007 |
---|---|
Founder | OpenBSD developers |
Legal status | Nonprofit organization |
Location |
The OpenBSD Foundation is a non-profit group in Canada. It was started by the OpenBSD project in 2007. Its main job is to be a legal contact point for people and groups who want to support OpenBSD. It also helps protect other related projects like OpenSSH and LibreSSL.
Since 2014, big companies like Microsoft, Facebook, and Google have given money to the OpenBSD Foundation. In 2015, Microsoft became a "gold level" supporter. This was to help develop OpenSSH, which Microsoft started using in Windows.
OpenBSD is available in several ways for free. You can get its source code or download ready-to-use versions. For a small fee, you used to be able to order CD-ROM sets. These CDs, with their artwork and theme songs, were a key way the project earned money. However, CD-ROM sets are no longer released since version 6.1.
OpenBSD has a system for installing and managing extra programs. These are called "packages." They are pre-built files that you can easily add or remove. OpenBSD's packages are designed to work perfectly with each specific version of the operating system.
Songs and Artwork
OpenBSD first used a special version of the BSD daemon as its mascot. This was drawn by Erick Green for versions 2.3 and 2.4.
Later, OpenBSD chose a pufferfish named Puffy as its mascot. Puffy now appears on OpenBSD's promotional items. He is also featured in the release songs and artwork.
Each OpenBSD release has a unique theme, including CD-ROMs, songs, posters, and T-shirts. These often share a message important to the project, sometimes using humor or parody.
For example, OpenBSD 3.3 had "Puff the Barbarian," a rock song parody of Conan the Barbarian. It was about open documentation. OpenBSD 3.7 featured "The Wizard of OS," a parody of The Wizard of Oz about wireless drivers. OpenBSD 3.8 had "Hackers of the Lost RAID," a parody of Indiana Jones about new RAID tools.
OpenBSD Versions
The table below lists the different versions of the OpenBSD operating system.
Legend: | Old version, not maintained | Older version, still maintained | Current stable version | Future release |
---|
Version | Release date | Supported until | Key changes |
---|---|---|---|
1.1 | 18 October 1995 |
|
|
1.2 | 1 July 1996 |
|
|
2.0 | 1 October 1996 | ||
2.1 | 1 June 1997 | Replaced the old `sh` with pdksh. | |
2.2 | 1 December 1997 | Added the `afterboot(8)` manual page. | |
2.3 | 19 May 1998 | Introduced the "haloed daemon" mascot (head only). | |
2.4 | 1 December 1998 | Featured the complete "haloed daemon" mascot. | |
2.5 | 19 May 1999 | Introduced the Cop daemon image. | |
2.6 | 1 December 1999 | First release of OpenSSH, which is now widely used. | |
2.7 | 15 June 2000 | Added support for SSH2 in OpenSSH. | |
2.8 | 1 December 2000 | Included `isakmpd(8)`. | |
2.9 | 1 June 2001 | Improved filesystem performance. | |
3.0 | 1 December 2001 |
|
|
3.1 | 19 May 2002 | Systemagic song released. First official remote security flaw found in OpenSSH. | |
3.2 | 1 November 2002 | Goldflipper song released. | |
3.3 | 1 May 2003 |
|
|
3.4 | 1 November 2003 |
|
|
3.5 | 1 May 2004 |
|
|
3.6 | 1 November 2004 |
|
|
3.7 | 19 May 2005 | The Wizard of OS song released, about wireless drivers. | |
3.8 | 1 November 2005 | 1 November 2006 | Hackers of the Lost RAID song released, about new RAID tools. Removed the telnet daemon.
|
3.9 | 1 May 2006 | 1 May 2007 |
Attack of the Binary BLOB song released, about fighting binary blobs.
|
4.0 | 1 November 2006 | 1 November 2007 | Humppa Negala song released. Second official remote security flaw found. |
4.1 | 1 May 2007 | 1 May 2008 | Puffy Baba and the 40 Vendors song released, criticizing hardware vendors.
|
4.2 | 1 November 2007 | 1 November 2008 | 100001 1010101 song released. Improved usability of sensors. |
4.3 | 1 May 2008 | 1 May 2009 | Home to Hypocrisy song released. |
4.4 | 1 November 2008 | 18 October 2009 |
Trial of the BSD Knights song released, about BSD history.
|
4.5 | 1 May 2009 | 19 May 2010 | Games song released.
|
4.6 | 18 October 2009 | 1 November 2010 | Planet of the Users song released.
|
4.7 | 19 May 2010 | 1 May 2011 | I'm Still Here song released. |
4.8 | 1 November 2010 | 1 November 2011 | El Puffiachi song released.
|
4.9 | 1 May 2011 | 1 May 2012 | The Answer song released.
|
5.0 | 1 November 2011 | 1 November 2012 | What Me Worry? song released. |
5.1 | 1 May 2012 | 1 May 2014 | Bug Busters song released. |
5.2 | 1 November 2012 | 1 November 2013 | Aquarela do Linux song released.
|
5.3 | 1 May 2013 | 1 May 2014 | Blade Swimmer song released.
|
5.4 | 1 November 2013 | 1 November 2014 | Our favorite hacks song released. |
5.5 | 1 May 2014 | 1 May 2015 | Wrap in Time song released.
|
5.6 | 1 November 2014 | 18 October 2015 | Ride of the Valkyries song released.
|
5.7 | 1 May 2015 | 29 March 2016 | Source Fish song released.
|
5.8 | 18 October 2015 | 1 September 2016 | Multiple songs for the 20th anniversary release.
|
5.9 | 29 March 2016 | 11 April 2017 | Doctor W^X and Systemagic (Anniversary Edition) songs released.
|
6.0 | 1 September 2016 | 9 October 2017 | Songs parodying Pink Floyd's albums.
|
6.1 | 11 April 2017 | 15 April 2018 | Winter of 95 song released.
|
6.2 | 9 October 2017 | 18 October 2018 | A three-line diff song released.
|
6.3 | 2 April 2018 | 3 May 2019 |
|
6.4 | 18 October 2018 | 17 October 2019 |
|
6.5 | 24 April 2019 | 19 May 2020 |
|
6.6 | 17 October 2019 | 18 October 2020 |
|
6.7 | 19 May 2020 | 1 May 2021 |
|
6.8 | 18 October 2020 | 14 October 2021 |
|
6.9 | 1 May 2021 | 21 April 2022 |
|
7.0 | 14 October 2021 | 20 October 2022 |
|
7.1 | 21 April 2022 | 10 April 2023 |
|
7.2 | 20 October 2022 | 16 October 2023 |
|
7.3 | 10 April 2023 | 5 April 2024 |
|
7.4 | 16 October 2023 | November 2024 |
|
7.5 | 5 April 2024 | May 2024 |
|
See Also
In Spanish: OpenBSD para niños
- Comparison of BSD operating systems
- Comparison of open-source operating systems
- OpenBSD security features
- Security-focused operating system