kids encyclopedia robot

OpenBSD facts for kids

Kids Encyclopedia Facts
Quick facts for kids
OpenBSD
OpenBSD Logo - Cartoon Puffy with textual logo below.svg
Free, Functional, and Secure
OpenBSD 7.0 fvwm screenshot.png
OpenBSD 7.0 default desktop with various utilities: top, xterm, xcalc, and glxgears
Company / developer Theo de Raadt et al.
Programmed in C, assembly, Perl, Unix shell
OS family Unix-like (BSD)
Working state Current
Source model Open source
Initial release July 1996; 28 years ago (1996-07)
Package manager OpenBSD package tools
Supported platforms Alpha, x86-64, ARMv7, ARMv8 (64-bit), PA-RISC, IA-32, LANDISK, Loongson, Omron LUNA-88K, MIPS64, macppc, PowerPC, 64-bit RISC-V, SPARC64
Kernel type Monolithic
Userland BSD
Default user interface Modified pdksh, X11 (FVWM)
License BSD, ISC, other permissive licenses

OpenBSD is a special kind of operating system that focuses on security. It's also free and open-source, meaning anyone can use, change, and share its code. OpenBSD is based on Unix-like systems, specifically the Berkeley Software Distribution (BSD).

Theo de Raadt started OpenBSD in 1995. He created it by taking the code from NetBSD 1.0 and making his own version. The OpenBSD project cares a lot about making software that works on many different computers (portability). They also focus on following rules (standardization), fixing mistakes (correctness), and building in cryptography (secret codes) for safety.

The OpenBSD project also makes many parts of its system available for other operating systems. For example, the firewall in Apple's macOS uses code from OpenBSD's PF firewall. Also, Windows 10 uses OpenSSH (OpenBSD Secure Shell), which helps you connect to other computers safely.

The word "open" in OpenBSD means that its source code is available for everyone to see on the Internet. It also means that OpenBSD works on many different types of computers. This includes common ones like x86-64 and ARM, and others like PowerPC.

History of OpenBSD

In December 1994, Theo de Raadt was a founding member of the NetBSD project. He left the NetBSD team because of disagreements. In October 1995, De Raadt started OpenBSD. This new project was based on NetBSD 1.0.

The first release, OpenBSD 1.2, came out in July 1996. OpenBSD 2.0 followed in October of the same year. Since then, the project has released a new version every six months. Each version is supported for one year.

In 2007, OpenBSD developers created the OpenBSD Foundation. This is a non-profit group in Canada. Its goal is to help people and organizations support OpenBSD legally.

How Many People Use OpenBSD?

Bsd distributions usage
This chart shows how many people used different BSD systems in a 2005 survey.

It's hard to know exactly how many people use OpenBSD. The developers don't track or share these numbers.

In 2005, a survey of 4,330 BSD users showed that 32.8% used OpenBSD. This was less than FreeBSD (77%) but more than NetBSD (16.3%). However, the survey creators said it wasn't perfect. It mainly reached people through online groups, so it might not show the full picture.

What OpenBSD Is Used For

OpenBSD is known for being very secure and stable. This makes it useful for many different jobs.

Network Devices

OpenBSD has strong TCP/IP networking features. It can be used as a router or a wireless access point. Its security features, built-in cryptography, and packet filter make it great for security. This includes firewalls, systems that detect attacks, and VPN gateways.

Some companies use OpenBSD as the base for their own security products.

Other Operating Systems

Parts of OpenBSD's code are used in other operating systems. For example, some versions of Microsoft's Windows Services for UNIX use OpenBSD code. The pf firewall from OpenBSD is also used in FreeBSD and macOS.

Personal Computers

OpenBSD comes with Xenocara, which is its version of the X Window System. This means it can be used as a desktop system for personal computers, including laptops. As of 2018, OpenBSD had about 8,000 software packages available. These include desktop environments like GNOME and Xfce, and web browsers like Firefox and Chromium.

Servers

OpenBSD has all the tools needed for a server. It can be set up as a mail server, web server, FTP server, DNS server, router, firewall, or NFS file server. Since version 6.8, OpenBSD also includes WireGuard support, which is a modern VPN technology.

Security Focus

OpenBSD 7.0 console screenshot
OpenBSD console login screen showing system messages.

OpenBSD is very focused on security. When OpenBSD was new, Theo de Raadt worked with a security company. This helped make security the main goal of the OpenBSD project.

OpenBSD has many features to make it more secure:

  • It uses safer ways to handle data in its C programming library.
  • It has tools that check code for problems.
  • It uses memory protection to stop unauthorized access.
  • It uses strong cryptography and randomization to make things harder for attackers.
  • It limits what programs can do, like what files they can access.

To make it harder for attackers to take control, many programs in OpenBSD are designed with "privilege separation." This means a program is split into parts. One part does sensitive tasks with special permissions, while the main part runs with very few permissions. This limits damage if a program is attacked.

OpenBSD developers also created OpenSSH (OpenBSD Secure Shell). This tool helps you connect to other computers securely. It's based on the original SSH and is now used on many operating systems.

The project constantly checks its own code for security problems. Developers look for bugs and try to fix them. They also try to improve the tools that help find these bugs.

OpenBSD's Security Track Record

OpenBSD is famous for its security record. For many years, their website proudly stated:

Five years without a remote hole in the default install!

In 2002, a serious bug was found in OpenSSH. This bug allowed an attacker to gain full control of a computer from far away. Because OpenSSH was used widely, this was a big deal. The slogan on the OpenBSD website changed to:

One remote hole in the default install, in nearly 6 years!

In 2007, another remote security problem was found. The slogan changed again:

Only two remote holes in the default install, in a heck of a long time!

Some people have criticized this slogan. They say the default OpenBSD installation has very few running services. If you add more software, you might introduce new security risks. However, the project says the slogan only refers to the basic, default installation, which is very secure.

OpenBSD believes in making systems simple and secure by default. The basic installation is very minimal. This helps new users stay safe without needing to be security experts right away. Users must manually turn on extra services, which makes them think about security first.

Alleged Backdoor

In 2010, a former FBI consultant claimed that the FBI paid some OpenBSD developers to add secret backdoors. These backdoors would allow unauthorized access. Theo de Raadt made this claim public and asked developers to check the code. They fixed some bugs, but found no evidence of backdoors. De Raadt thought that if backdoors were written, they probably didn't make it into OpenBSD's main code.

Criticisms of Security

In 2017, a security expert named Ilja van Sprundel said that even though OpenBSD was the most secure BSD system, "Bugs are still easy to find in those kernels."

In 2019, another talk at a conference argued that while OpenBSD has good security features, some of them might not be as effective as believed. They suggested a more scientific approach to designing security measures.

Key Projects Started by OpenBSD

Many open-source projects began as parts of OpenBSD. These projects are often used in other operating systems too.

  • bioctl: A tool to manage RAID storage systems.
  • CARP: A free way to make network systems more reliable.
  • cwm: A simple window manager for the desktop.
  • doas: A safer replacement for the `sudo` command.
  • OpenBSD httpd: OpenBSD's own web server.
  • hw.sensors: A system for reading hardware sensors.
  • LibreSSL: A version of SSL and TLS protocols, made from OpenSSL.
  • OpenBGPD: A tool for managing network routing.
  • OpenIKED: A tool for secure network connections.
  • OpenNTPD: A simpler way to keep computer clocks accurate.
  • OpenOSPFD: A tool for managing network routing.
  • OpenSMTPD: An email server.
  • OpenSSH: A very popular tool for secure remote connections.
  • PF: A powerful firewall for network traffic.
  • pfsync: A way to keep firewall settings in sync for high reliability.
  • sndio: A small system for audio and MIDI.
  • spamd: A spam filter that works with the PF firewall.
  • Xenocara: OpenBSD's custom version of the X.Org system.

Many of these tools are used by other Unix-like systems. OpenBSD developers often create new tools from scratch if they feel existing ones are not good enough. This leads to many useful components that other systems adopt.

OpenBSD runs most of its standard programs in a very secure way. This means they are limited in what they can access on the system.

How OpenBSD Is Developed

OpenBSD hackers at c2k++ at MIT
OpenBSD developers at a "hackathon" event in 2001.
S2k17
OpenBSD hackathon s2k17

OpenBSD is always being developed. Anyone with the right skills can help. New versions are released twice a year, and each is supported for 12 months. There are also "snapshot" releases available often.

Users can update their systems with patches using `syspatch`. They can also upgrade to newer versions using `sysupgrade`. The standard OpenBSD kernel is recommended for most users.

Software not part of the main system is managed through a "ports tree." This is a collection of instructions for building software packages. OpenBSD builds these packages centrally for different computer types. It's usually best for users to install these pre-built packages.

OpenBSD developers often meet at special events called "hackathons." Here, they work together intensely on coding. Most new releases also come with a unique song!

Open Source and Documentation

OpenBSD is known for its good documentation.

When OpenBSD started, its creator, Theo de Raadt, decided that the source code should be open to everyone. This was unusual at the time. This decision allowed more people to help improve the project. OpenBSD still uses a system called CVS (or its own version, OpenCVS) to manage its code.

OpenBSD does not include secret, "closed source" drivers. They also don't use code that requires signing non-disclosure agreements. This means all the code is open for review.

Because OpenBSD is based in Canada, it doesn't have the same export rules for cryptography as the United States. This allows it to use strong encryption. For example, sensitive data on the system is encrypted to keep it safe.

OpenBSD also makes many things random. This makes it harder for attackers to predict how the system works. For example, process IDs and port numbers are random. This also helps find bugs in the system.

OpenBSD believes that hardware companies should provide documentation for their devices. Without it, developers can make mistakes when writing drivers. They also don't trust closed-source drivers from vendors because they can't fix them if they break.

Licensing Rules

OpenBSD has strict rules about software licenses. They prefer licenses like the ISC license and other BSD licenses. These licenses allow people to use and share the code freely. They consider licenses like the Apache License and GNU General Public License to be too restrictive.

In 2001, OpenBSD checked all its code for licensing issues. They found some code that wasn't properly licensed. They either removed it, replaced it, or got new permission to use it. For example, they removed all software from Daniel J. Bernstein because he required approval for any changes.

Because of these license concerns, OpenBSD developers have rewritten software from scratch. For instance, they created the PF packet filter after problems with another firewall's license. PF first appeared in OpenBSD 3.0 and is now used in many other operating systems. OpenBSD has also replaced tools licensed under the GPL with more open alternatives.

Funding OpenBSD

Even though OpenBSD is used in many commercial products, most of its funding doesn't come from companies. Instead, it comes from user donations and people buying their CD-ROMs.

In the early 2000s, the project received some funding from DARPA. This helped pay developers and buy hardware.

In 2006, OpenBSD faced financial problems. Organizations like the Mozilla Foundation and GoDaddy helped them. However, Theo de Raadt noted that most of the money came from individual users, not big companies.

In 2014, OpenBSD needed money to cover electricity costs. They received a large donation from Mircea Popescu, a bitcoin creator. The project raised enough money to secure its future for a while.

OpenBSD Foundation

OpenBSD Foundation
Formation July 25, 2007; 17 years ago (2007-07-25)
Founder OpenBSD developers
Legal status Nonprofit organization
Location

The OpenBSD Foundation is a non-profit group in Canada. It was started by the OpenBSD project in 2007. Its main job is to be a legal contact point for people and groups who want to support OpenBSD. It also helps protect other related projects like OpenSSH and LibreSSL.

Since 2014, big companies like Microsoft, Facebook, and Google have given money to the OpenBSD Foundation. In 2015, Microsoft became a "gold level" supporter. This was to help develop OpenSSH, which Microsoft started using in Windows.

How OpenBSD Is Shared

OpenBSD is available in several ways for free. You can get its source code or download ready-to-use versions. For a small fee, you used to be able to order CD-ROM sets. These CDs, with their artwork and theme songs, were a key way the project earned money. However, CD-ROM sets are no longer released since version 6.1.

OpenBSD has a system for installing and managing extra programs. These are called "packages." They are pre-built files that you can easily add or remove. OpenBSD's packages are designed to work perfectly with each specific version of the operating system.

Songs and Artwork

Puffy, the mascot of OpenBSD
A 3D animated version of Puffy.
The cover for OpenBSD 2.3.

OpenBSD first used a special version of the BSD daemon as its mascot. This was drawn by Erick Green for versions 2.3 and 2.4.

Later, OpenBSD chose a pufferfish named Puffy as its mascot. Puffy now appears on OpenBSD's promotional items. He is also featured in the release songs and artwork.

Each OpenBSD release has a unique theme, including CD-ROMs, songs, posters, and T-shirts. These often share a message important to the project, sometimes using humor or parody.

For example, OpenBSD 3.3 had "Puff the Barbarian," a rock song parody of Conan the Barbarian. It was about open documentation. OpenBSD 3.7 featured "The Wizard of OS," a parody of The Wizard of Oz about wireless drivers. OpenBSD 3.8 had "Hackers of the Lost RAID," a parody of Indiana Jones about new RAID tools.

OpenBSD Versions

The table below lists the different versions of the OpenBSD operating system.

Legend: Old version, not maintained Older version, still maintained Current stable version Latest preview version Future release
Version Release date Supported until Key changes
Old version, no longer maintained: 1.1 18 October 1995
  • OpenBSD's code storage (CVS) was created.
  • This was an early development version, not an official release.
Old version, no longer maintained: 1.2 1 July 1996
  • Added a manual page for kernel details.
  • Integrated the `update(8)` command.
  • Also an early development version.
Old version, no longer maintained: 2.0 1 October 1996
  • The first official OpenBSD release.
  • XFree86 recognized OpenBSD as separate from NetBSD.
  • Added the FreeBSD ports system.
  • Replaced `gawk` with AT&T `awk`.
  • Included zlib and sudo.
Old version, no longer maintained: 2.1 1 June 1997 Replaced the old `sh` with pdksh.
Old version, no longer maintained: 2.2 1 December 1997 Added the `afterboot(8)` manual page.
Old version, no longer maintained: 2.3 19 May 1998 Introduced the "haloed daemon" mascot (head only).
Old version, no longer maintained: 2.4 1 December 1998 Featured the complete "haloed daemon" mascot.
Old version, no longer maintained: 2.5 19 May 1999 Introduced the Cop daemon image.
Old version, no longer maintained: 2.6 1 December 1999 First release of OpenSSH, which is now widely used.
Old version, no longer maintained: 2.7 15 June 2000 Added support for SSH2 in OpenSSH.
Old version, no longer maintained: 2.8 1 December 2000 Included `isakmpd(8)`.
Old version, no longer maintained: 2.9 1 June 2001 Improved filesystem performance.
Old version, no longer maintained: 3.0 1 December 2001
  • Featured the song E-Railed (OpenBSD Mix).
  • Developed the pf packet filter after license issues with IPFilter.
Old version, no longer maintained: 3.1 19 May 2002 Systemagic song released. First official remote security flaw found in OpenSSH.
Old version, no longer maintained: 3.2 1 November 2002 Goldflipper song released.
Old version, no longer maintained: 3.3 1 May 2003
  • Puff the Barbarian song released, about open documentation.
  • Integrated ALTQ code into pf.
  • Introduced the W^X memory protection feature.
Old version, no longer maintained: 3.4 1 November 2003
  • The Legend of Puffy Hood song released, about free speech.
  • Changed executable format on i386.
  • Replaced GPL-licensed tools like `gzip` and `grep` with BSD-licensed ones.
  • Added Address space layout randomization (ASLR) by default.
  • Introduced basic hardware monitoring.
Old version, no longer maintained: 3.5 1 May 2004
  • CARP License song released, with an anti-software patents message.
  • Introduced CARP.
  • Replaced more GPL-licensed tools with BSD equivalents.
  • AMD64 platform became stable enough for release.
Old version, no longer maintained: 3.6 1 November 2004
  • Pond-erosa Puff (live) song released, about liberal license enforcement.
  • Developed OpenNTPD.
  • Removed Ethereal from ports due to security concerns.
  • Added support for I2C devices.
Old version, no longer maintained: 3.7 19 May 2005 The Wizard of OS song released, about wireless drivers.
Old version, no longer maintained: 3.8 1 November 2005 1 November 2006 Hackers of the Lost RAID song released, about new RAID tools. Removed the telnet daemon.
  • Introduced bioctl for RAID management.
Old version, no longer maintained: 3.9 1 May 2006 1 May 2007

Attack of the Binary BLOB song released, about fighting binary blobs.

  • Enhanced OpenBGPD.
  • Improved hardware sensors support.
Old version, no longer maintained: 4.0 1 November 2006 1 November 2007 Humppa Negala song released. Second official remote security flaw found.
Old version, no longer maintained: 4.1 1 May 2007 1 May 2008 Puffy Baba and the 40 Vendors song released, criticizing hardware vendors.
  • Redesigned the hardware sensor system.
Old version, no longer maintained: 4.2 1 November 2007 1 November 2008 100001 1010101 song released. Improved usability of sensors.
Old version, no longer maintained: 4.3 1 May 2008 1 May 2009 Home to Hypocrisy song released.
Old version, no longer maintained: 4.4 1 November 2008 18 October 2009

Trial of the BSD Knights song released, about BSD history.

  • Improved sparc64 support.
  • Enhanced memory allocation security.
  • Hardware sensors used by more drivers.
Old version, no longer maintained: 4.5 1 May 2009 19 May 2010 Games song released.
  • Hardware sensors used by even more drivers.
Old version, no longer maintained: 4.6 18 October 2009 1 November 2010 Planet of the Users song released.
  • Introduced `smtpd(8)` (SMTP server) and `tmux(1)` (terminal multiplexer).
  • Hardware sensors used by more drivers.
Old version, no longer maintained: 4.7 19 May 2010 1 May 2011 I'm Still Here song released.
Old version, no longer maintained: 4.8 1 November 2010 1 November 2011 El Puffiachi song released.
  • Introduced `iked(8)` (IKEv2 daemon) and `ldapd(8)` (LDAP daemon).
Old version, no longer maintained: 4.9 1 May 2011 1 May 2012 The Answer song released.
  • Introduced `rc.d(8)` for daemon control.
Old version, no longer maintained: 5.0 1 November 2011 1 November 2012 What Me Worry? song released.
Old version, no longer maintained: 5.1 1 May 2012 1 May 2014 Bug Busters song released.
Old version, no longer maintained: 5.2 1 November 2012 1 November 2013 Aquarela do Linux song released.
  • Included `nginx(8)` HTTP server.
  • Disabled SSLv2.
Old version, no longer maintained: 5.3 1 May 2013 1 May 2014 Blade Swimmer song released.
  • Enabled Position-independent executables (PIE) by default on many platforms.
Old version, no longer maintained: 5.4 1 November 2013 1 November 2014 Our favorite hacks song released.
Old version, no longer maintained: 5.5 1 May 2014 1 May 2015 Wrap in Time song released.
  • Introduced `signify(1)` for cryptographic signatures.
  • Made 64-bit `time_t` standard, ready for the Year 2038 problem.
Old version, no longer maintained: 5.6 1 November 2014 18 October 2015 Ride of the Valkyries song released.
  • LibreSSL was created from OpenSSL.
  • Apache HTTPD was removed from the base system.
Old version, no longer maintained: 5.7 1 May 2015 29 March 2016 Source Fish song released.
  • Introduced `rcctl(8)` for controlling daemons.
  • `nginx(8)` and procfs were removed from the base system.
Old version, no longer maintained: 5.8 18 October 2015 1 September 2016 Multiple songs for the 20th anniversary release.
  • Introduced `doas(1)` as a replacement for sudo.
Old version, no longer maintained: 5.9 29 March 2016 11 April 2017 Doctor W^X and Systemagic (Anniversary Edition) songs released.
  • W^X enforced in i386 kernel.
  • Introduced `pledge(2)` for process restriction.
Old version, no longer maintained: 6.0 1 September 2016 9 October 2017 Songs parodying Pink Floyd's albums.
  • Introduced `vmm(4)` virtualization (disabled by default).
  • Removed support for vax and 32-bit SPARC.
Old version, no longer maintained: 6.1 11 April 2017 15 April 2018 Winter of 95 song released.
  • Introduced `syspatch(8)` for binary system updates.
  • Added new `arm64` platform.
Old version, no longer maintained: 6.2 9 October 2017 18 October 2018 A three-line diff song released.
  • Improved Intel graphics support.
  • clang(1) became the default compiler on `i386` and `amd64`.
Old version, no longer maintained: 6.3 2 April 2018 3 May 2019
  • SMP (multiple processors) supported on `arm64`.
  • Network stack improvements.
  • Security improvements, including Meltdown/Spectre fixes.
  • `pledge()` modified to support "execpromises."
Old version, no longer maintained: 6.4 18 October 2018 17 October 2019
  • Introduced `unveil(2)` for filesystem visibility restriction.
Old version, no longer maintained: 6.5 24 April 2019 19 May 2020
  • Support for NMEA 0183 altitude and ground speed sensors.
  • Xenocara: Xorg (X Window Server) no longer runs with special permissions.
Old version, no longer maintained: 6.6 17 October 2019 18 October 2020
  • `sysupgrade(8)` automates upgrades to new releases.
  • Added `amdgpu(4)` AMD RADEON GPU video driver.
Old version, no longer maintained: 6.7 19 May 2020 1 May 2021
  • Made ffs2 the default filesystem type for most installs.
Old version, no longer maintained: 6.8 18 October 2020 14 October 2021
  • 25th anniversary release.
  • New powerpc64 platform.
Old version, no longer maintained: 6.9 1 May 2021 21 April 2022
  • 50th release.
Old version, no longer maintained: 7.0 14 October 2021 20 October 2022
  • 51st release.
  • New riscv64 platform.
Old version, no longer maintained: 7.1 21 April 2022 10 April 2023
  • 52nd release.
  • loongson support temporarily stopped for this release.
Old version, no longer maintained: 7.2 20 October 2022 16 October 2023
  • 53rd release.
Old version, no longer maintained: 7.3 10 April 2023 5 April 2024
  • 54th release.
  • New security features for memory and executables.
  • Full-disk encryption support in the installer.
Older version, yet still maintained: 7.4 16 October 2023 November 2024
  • 55th release.
Current stable version: 7.5 5 April 2024 May 2024
  • 56th release.

See Also

Kids robot.svg In Spanish: OpenBSD para niños

  • Comparison of BSD operating systems
  • Comparison of open-source operating systems
  • OpenBSD security features
  • Security-focused operating system
kids search engine
OpenBSD Facts for Kids. Kiddle Encyclopedia.