OpenBSD s Strengths | Absolute OpenBSD: Unix for the Practical Paranoid

OpenBSD's Strengths

So, what makes OpenBSD OpenBSD? Why bother with another open-source UNIX-like operating system when there are many out there, many closely related to OpenBSD? What makes this OS worth a computer, let alone entrusting with your corporate firewall?

Portability

OpenBSD is designed to run on a wide variety of popular processors and hardware platforms. These platforms include, but are not limited to: Intel (80386 and compatibles), Alpha, Macintosh (both PowerPC and 68000 models), almost everything from Sun, and a variety of more obscure platforms. Chances are, any computer you will come across can run OpenBSD. The OpenBSD team wants to support as many interesting hardware architectures as they have the hardware and skills to maintain, so more are being added regularly.

Power

OpenBSD runs on hardware that's been obsolete for ten years. This isn't a deliberate design decision — the hardware was in popular use when OpenBSD was started, and the developers try to maintain speed and compatibility when they can. People who are running OpenBSD on an ancient VAX quickly catch changes that badly affect system performance on 486s, while people running modern Pentium 4s would probably never notice. Some of these changes are required by the advancing nature of the Internet, changes in the tools used to build OpenBSD, and added functionality in the system, but those that are the result of programming errors or misunderstandings are caught quickly.

OpenBSD leaves you every scrap of computing power possible to run your applications. In the end, people use applications and not operating systems. This means that a system with a one-gig disk and a 486 CPU can still make a solid web server once you install OpenBSD! A low-footprint operating system gives the most bang out of hardware.

Documented

Many free software projects are satisfied with releasing code. Some think that they're going above and beyond by including a help function in the program itself, available by typing some command-line flag. Others really go all out and provide a grammatically incorrect and technically vague manual page.

OpenBSD's documentation is expected to be both complete and accurate. The manual pages for system and library calls are extensive, even when compared to the other BSDs, and include discussions on usage and security. In its audit of the OpenBSD source code tree, the OpenBSD team found any number of circumstances where people had used the library interface as the manual page said they should, but the manual page was incorrect! This created both potential and actual security problems. As such, a documentation error is considered a serious bug and treated as harshly as any other serious bug.

Free

In keeping with the spirit of the original BSD license, OpenBSD is free for use in any way by anyone. You can use it in any tool you like, on any computer, for any purpose. Most of today's free software is licensed under terms that require distributors of software to return any changes back to the project owner. OpenBSD doesn't come with even that minor requirement. You can take OpenBSD, modify it, and embed it in refrigerators that order replacement food over the Internet, without ever paying the developers a dime. ^[1]

OpenBSD is perhaps the freest of the free operating systems. Like every other free UNIX-like operating system, the source code tree inherited from OpenBSD originally contained a wide variety of programs that shipped under conditional licenses. Some were free for non-commercial use; some were free if you changed the name once you made a change to the code; others had a variety of obscure licensing terms, such as indemnifying a third party against lawsuits. These have been either ripped out or replaced with freely licensed alternatives.

Theo de Raadt said on a mailing list during a discussion of licensing terms:

      We know what a free license should say.         It should say       * Copyright foo       * I give up my rights and permit others to:                       distribute                       sell                       give                       modify                       use       * I retain the right to be known as the author/owner       When it says something else, ask this:       * - is it 100% guaranteed fluff which cannot ever affect anyone?       * - is it giving away even more rights (the author right)?       If not, then it must be giving someone more rights, or by the same token -       taking more rights away from someone else!       Then it is _less_ free than our requirements state!

The OpenBSD Project does a lot of work to guarantee that its licensing is as stringently free as its code is correct.

Correctness

OpenBSD developers strive to implement solutions correctly. This means that they follow UNIX standards such as POSIX and ANSI in their implementations. They make it a strict rule to write programs in a reliable and secure manner, following programming's best current practices. Every skilled programmer knows that programs written correctly are more reliable, predictable, and secure. Many free software producers are satisfied if it compiles and seems to work, however, and quite a few commercial software companies don't give their programmers time to write code that correctly. Code in OpenBSD has been made correct by dint of much hard work, and anyone who tries to introduce incorrect code will be turned away — generally politely, and often with constructive criticism, but turned away nonetheless. And that brings us to OpenBSD's most well-known claim to fame.

Security

OpenBSD strives to be the most secure operating system in the world. While it can reasonably make that claim now, it's a position that requires a constant struggle to maintain. People who break into systems are constantly trying new ways to penetrate computer systems, which means that today's feature may be tomorrow's security hole. As OpenBSD developers learn of new classes of programming errors and security holes, they scan the entire source tree for that class of problem and fix them before anyone even knows how they might be exploited. The history of computer security shows that users cannot be expected to patch or maintain their own systems; those systems must be secure out of the box. OpenBSD's goal is to eliminate those problems before they exist.

^[1]If you work at a company implementing such technology, please base it on OpenBSD. I do not want my refrigerator to be hacked and find 4,000 gallons of sour cream on my doorstep the next day!