The Essence of OpenBSD
Eugenia Loli, 2003-07-18
OpenBSD

A thousand open source projects quietly produce excellent code under the radar. What goes on in these projects? How do new people join? What motivation is there? Cameron Laird and George Peter Staplin interview several core OpenBSD developers.

31 Comments

2003-07-18 6:57 am
which can be viewed at: http://gentiane.org/~miod/en/machineroom.html
— http://homepage.mac.com/softkid

2003-07-18 8:44 am
OpenBSD has always struck me as being a quality product. I’d use it, if I had a spare machine to run it on!

2003-07-18 11:31 am
OpenBSD is one of the most secure (read from default install) operating systems out there. We use it however not only for firewall/router purposes but I actually run it also on one of my desktops. Why? Because I want to and because OpenBSD can do it. Lots of Linux/BSD programs run out of the box under OpenBSD. What I do not like is that it is completely overshadowed by FreeBSD and Linux. Please give OpenBSD more voice, and if you want to use/try it please buy the CDs and show your support for this excellent piece of software. Thank you Theo!

2003-07-18 11:49 am
Sorry I forgot.. also thanks to all other developers!

2003-07-18 12:00 pm
Whew, his hardware collection is _really_ impressive! I wish I could play with all these toys

2003-07-18 12:54 pm
OpenBSD, the most secure OS? I don’t know why, but they use sendmail as their default MTA. And sendmail is the UNIX program with one of the most known security problems.

2003-07-18 1:00 pm
I am certainly not bashing / trolling, but:
> thousand open source projects quietly produce
> excellent code under the radar.
I really hate to say so, but having tried various Linuxes over time, working on Solaris for a living, and preparing to install NetBSD on my PDA to get takeaway GNU tools ;-), for me the differences between most Unixes are negligible. I mean, what’s the difference, at the core, between *BSD, Linux, Solaris, IRIX, AIX, HP/UX, Hurd, fill-in-whatever? They’re POSIX, they’re bash/ksh, they’re X Window. One runs better on the large servers, the other is more secure. But, as user experience goes, they’re the same ballpark. Choice is good, but the Unix market has forked itself into a bloody mess. If I had one wish, it would be for some more cooperation and a little less choice…

2003-07-18 1:01 pm
Duh! Sendmail is not unsecure. But you can install postfix or qmail on it if you want.

2003-07-18 1:01 pm
> OpenBSD, the most secure OS? I don’t know why, but they use sendmail as their default MTA. And sendmail is the UNIX program with one of the most known security problems.
Yes, and it’s mostly turned off by default, in addition, OpenBSD sendmail is not stock sendmail…most of it operates as an unprivileged user, unlike many Linux distros which give sendmail root or equivalent access. OpenBSD is secure by default. Of course you can turn sendmail and BIND and apache on and mess all that security up, but for a simple set it and forget it firewall/router/NAT or simple NFS/print server, OpenBSD is damn hard to beat. And for a sendmail or apache server… you’re already ahead of the rest in the security game. Besides, like any *nix, nothing forces you to use sendmail…you’re free to use exim, postfix, or qmail or whatever else floats your boat

2003-07-18 1:14 pm
How many of these have you tried installing and administrating? From a user perspective, if you’re running ksh on a Redhat box, and ksh on an OpenBSD box, certain things might seem similar. Just like if you’re running aim on a windows or a mac machine. Because it’s a program, and it’s meant to have a standard interface.
The Sears Tower and your local Kmart both have doors, air conditioners, floors, and ceilings. But it doesn’t mean they are architecturally similar. Compare the security of OpenBSD to a default install of Lindows. Compare the package management of FreeBSD to Redhat. There is only one way to stop people from forking, and that is to have a proprietary OS. Go try to customize a windows/osx machine like you can customize a GNU or BSD machine. There are GNU/Linux installs in the range of 8MB (see http://www.linuxfromscratch.org), and installs that run the most sophisticated of desktop. All based on the same software. That’s what choice gets you.
-b

2003-07-18 2:36 pm
> Anonymous: I don’t know why, but they use sendmail as their default MTA. And sendmail is the UNIX program with one of the most known security problems.
> bytes256: Yes, and it’s mostly turned off by default, in addition, OpenBSD sendmail is not stock sendmail…most of it operates as an unprivileged user, unlike many Linux distros which give sendmail root or equivalent access.
Sendmail runs on loopback (127.0.0.1) only, by default. There is no chance of remote exploit, regardless of what its security track looks like. As it stands, a great deal (all?) of the Sendmail code in OpenBSD has been audited. Patches are routinely rolled back from the OpenBSD group to the Sendmail group, often before any exploits are released.
-fp

2003-07-18 2:49 pm
> Solar: Choice is good, but the Unix market has forked itself into a bloody mess. If I had one wish, it would be for some more cooperation and a little less choice…
You’re obviously not a developer. More work/features/progress gets accomplished THANKS TO forking. Oftentimes there are developers with ideas that are simply not accepted by the status quo. This can be due to a difference in design philosophy, a fear of change, or simply an inability to cooperate in a civil manner.
In order to fulfill the developer’s own needs (scratch their itch), he or she forks off from the group. This often results in TWICE as much productive work, rather than half. The original base continues on, undeterred/undistracted by the “rogue coder” (for lack of a better term), resulting in more code- faster. The forked group also finds themselves productive, thanks to a new-found passion and goal. Examples include: FreeBSD, NetBSD, OpenBSD, Samba/Samba-TNG, Wine/Codeweavers/Transgaming, etc. All of these are successful projects with appreciative user bases. Forked *nices are a luxury. If you wish to use one, great. If not, don’t. There’s no proof to suggest that forking these projects results in a dilution of good code. On the contrary, it often provides us (the end users) with new and improved features caused by healthy competition.
-fp

2003-07-18 3:00 pm
However people start to get bees in their bonnets. People develop things to the nth degree and then we have similar looking, feeling, and sounding environments which are essentially incompatible. Forking is a good thing, sure, but, concrete, agreed, standards, to work to and with are good things too. Don’t forget that.

2003-07-18 4:31 pm
> You’re obviously not a developer.
ROTFL – that’s a good one! 😀
> More work/features/progress gets accomplished THANKS
> TO forking.
More work, sure. (As in, duplicated efforts.) Features, yes. (But sadly never all you need in one product.) Progress… yes, but not in documentation or user interface design or code quality, since that’s so boring for real developers…
> The original base continues on, undeterred/undistracted
> by the “rogue coder” (for lack of a better term),
> resulting in more code- faster.
Well, if those pointing out bad design leave the project, they produce crap faster, sure.
> The forked group also finds themselves productive,
> thanks to a new-found passion and goal.
And so we’re graced with a dozen MP3 players in each Linux distro…
> Examples include: FreeBSD, NetBSD, OpenBSD…
As I said, where’s the big difference? How much work is duplicated, how much work could be done united, how much market share is lost because the *nixes don’t offer a united front?
> Forked *nices are a luxury.
Fine for you. I’d rather have a system with *one* development line.
> There’s no proof to suggest that forking these projects
> results in a dilution of good code.
Like “there’s no proof that you could write good drivers in C++ so we don’t keep the namespace clean, so you can’t try it”…

2003-07-18 4:54 pm
> Fine for you. I’d rather have a system with *one* development line.
LOL…even Microsoft doesn’t do that!!!! LOL Must be an Apple user :p j/k

See the thing is…there’s no such thing as one size fits all…so diversity occurs…plus diversity actually increases the *nix marketshare, not dilutes it…sure you have situations of “flavors” competing with other flavors…but in the end you still have a *nix getting the sale

There are major differences between all of the BSDs when you look beyond the superficial similarities, otherwise they wouldn’t have a reason to exist and they would shortly wither on the vine…

NetBSD is optimized for portability
OpenBSD is optimized for security
FreeBSD is intended to be a general purpose *nix box, which if anything leans a little toward the server side.

They all get an opportunity to cross-pollinate from each other, and thus, all progress at breathtaking pace. As an example: The USB support in *ALL* of the BSDs is derived from NetBSD…NetBSD’s emphasis on portability allowed them to add support for it very quickly, because of their modular internal driver structure. OpenSSH came from OpenBSD…and damn near ALL freenixes include it. Linuxes and BSDs. FreeBSD’s ports system (the primary package management mechanism similar to and the inspiration for Gentoo’s ebuilds) has found its way into the other BSDs. Competition is good.
Diversity is good. To be honest, diversity really doesn’t make things that hard for the developer…if you open source your software…and it’s useful to somebody on a particular platform…they will put it there themselves without you doing a damn thing…why do you think perl runs on all the platforms that it does? Do you honestly believe that Larry Wall owns everything from an Amiga to a Cray? And that he was interested in maintaining ports to all of these platforms? BSDs are good…diversity is good…if you don’t like it…too damn bad.

2003-07-18 5:00 pm
Whatever. The Apple user, though, that’s an insult. 😀

2003-07-18 5:01 pm
> Features, yes. (But sadly never all you need in one product.)
What features do you mean? Apps? If I want a cool app from NetBSD to run on my FreeBSD, then I simply do a compile on its source.
-m

2003-07-18 5:07 pm
At least you have a sense of humor, Solar 😎 BTW…that wasn’t intended as a personal attack…I’m just sick of hearing people say that diversity is bad for *nixes. I think it’s one of their major strengths

2003-07-18 5:44 pm
> “I’m just sick of hearing people say that diversity is bad for *nixes”
As a biology student as well as a computer enthusiast, I feel that I must share the fact that the equivalent of forking happens all the time in the world of biology, and it is generally seen as not only a beneficial fact of life, but also a requirement for life’s success and continued existence. Static things see no progress. I am sure that the same holds true for software as well as life. By the sounds of it though, we are minorities in this belief.

2003-07-18 6:14 pm
In general, I agree with bytes and kingston that fracturing produces good things, etc. I think Solar underestimates the benefits of the fracturing, which is understandable given solar’s view that most unix based OSes are the same. I disagree with that view (read my previous post). Regardless, I’ll give solar that fracturing does have its downside as well.
Availability of applications and drivers. Take GNU/Linux. While there are numerous distros, there is a huge userbase, and some compatibility. There are a lot of drivers and packages available because they are generally compatible. But when a small community like the *BSD community fractures, and drivers aren’t compatible, you end up with a shortage. They said it in the interview. OpenBSD is having a hard time keeping up with drivers. And the community isn’t big enough to warrant companies writing the drivers, whereas they will write them to be compatible with the Linux kernel. However, I think that downfall may actually be the savior of fracturing. If not enough people like your forked OS, that fork will die out. It’s kind of like evolution.
-b

2003-07-18 6:38 pm
I just wanted to take some of the initial steam off the argument. 😉
> What features do you mean?
Take the desktops as an example. I installed a Linux recently, and opted to only install KDE. (The one killer application always luring me back into trying Linux is KDevelop.) I thought, perhaps if I keep everything under the “cover” of one desktop, I’d not have as much trouble as I usually have. Ah well. KMail was rather nice I admit. Kate as an editor doesn’t cut it though (aside from the docs being horrible), so I used SciTE – so much for “KDE everywhere”. Konqueror didn’t cut it either, for me, so it was Mozilla – until I realized that that nifty self-made file requester of “save as…” doesn’t allow me to create new folders. That’s not a list of “help me please”, or bashing Linux, which *has* some advantages. It’s just some examples of how the “choice” can hurt the OS, especially (but not only) in the UI department. And that doesn’t even touch the surface of the developer having to decide, which toolkit for my app?
Hell, even Windows has a better user experience… As for the claims of me not being a developer, I make a living coding C++ on Solaris, I have my own OS project – everyone should have one 😀 – and I think Cygwin is the best thing since sliced bread… Then again, for the last three days I’ve been trying to build a Cygwin-to-ELF cross-compiler, surfing dozens of mailing lists, FAQs and HOWTOs none of which really helps… And to finally put a name to my OS of origin… where are the great times of Aminet gone? Everything you could possibly need in one place… Good night to you. Unix might be for you, but it ain’t for me.

2003-07-18 9:41 pm
> As a biology student as well as a computer enthusiast, I feel that I must share the fact that the equivalent of forking happens all the time in the world of biology, and it is generally seen as not only a beneficial fact of life, but also a requirement for life’s success and continued existence. Static things see no progress. I am sure that the same holds true for software as well as life.
Yes, but that’s for the benefit of life, the ecosystem. I thought software was supposed to serve us!
Regards, Physics Person

2003-07-18 10:10 pm
> “Yes, but that’s for the benefit of life, the ecosystem. I thought software was supposed to serve us!”
Your argument makes no sense. Regardless of who or what is serving whom, or even to what end, the principle is the same.

2003-07-19 12:05 am
> Go try to customize a windows/osx machine like you can customize a GNU or BSD machine.
I’m sure this was already stated, but I don’t think OSX is a very good choice in the above statement. OSX is very customizable. I would be surprised if it could not be as customizable as GNU and other BSD/*nix systems.

2003-07-19 12:13 am
The general architecture of *nix systems is the same. The details are different, which kernel gets used, the differences between a micro and macro kernel architecture, the user space directory and file names, etc.
But the general architecture of a kernel, daemons, devices, etc. is the same. And that is what makes unix so portable. Eventually we’ll all be able to use GNOME and KDE and various other desktops on all of our workstations regardless of the hardware manufacturer. Similar to the PC environment, but far more difficult to maintain. OSS does it all, because it forks.

2003-07-19 3:15 am
One benefit of forks that follow UNIX standards is that software must be written in a generalised way according to standards therefore ensuring it is portable. Thus we have KDE or Gnome running not just on Linux, but also on *BSD, Solaris, and whatever else it has been ported to. There was a time when I remember KDE being more Linux friendly than FreeBSD friendly.

2003-07-19 6:01 am
> which can be viewed at :
I wish I had such a *diverse* collection of hardware so I could play and learn (no big hacking would come out of it, though), do not call it junk, it’s not. This is a *real* hacker if you ask me. I would be happy with only one of the Sun machines! (got to buy one, pretty soon!)

2003-07-19 7:13 am
linux sucks.

2003-07-19 10:40 am
the GUI sucks. GTK, QT, TK, Motif, whatever… it’s a mess. OSX is the only Unix with a consistent GUI.

2003-07-20 12:58 am
OpenBSD is an awesome project. If I ran an internet server, OpenBSD is an excellent choice. Same for firewall, etc. Desktop sucked. Fonts, etc sucked. Some of the ports weren’t working. Seg faults on packages and ports too. I suppose I could make a useable desktop with enough work, but there are other things, Slackware and FreeBSD that are easier to configure and use on a daily basis. OpenBSD is quick too. All the BSDs seem to be fast as hell subjectively. Perhaps on par with Gentoo. It’s annoying to use Redhat or SuSE after dealing with an x86 BSD. Install is a breeze. I did a free ftp install. The unintelligent fdisk is a pain, but just read the docs or man page. Map out your partition plan on a piece of paper first.
Most servers, etc will be overtaking the whole disk anyhow. This seems to be one of the better open source projects. Well worth buying $40 isos. Posters are only $10 and t shirts are decent price too. As far as sendmail and so forth … there has been only one remote root exploit in seven years or whatnot. In the default install of course. Patching ur crap, and running in chroot jails and so forth will help. It’s certainly much more secure than these sloppy Redhat installs. Some of these distros are running stuff as root. Just need a remote root exploit and you own the box. OpenBSD runs stuff in chroot jails as non root users. You’d have to break out of jail, which is certainly a pain. Outside the abilities of most script kiddies as well. Most hackers that are this good are generally not the delete all files, deface the web page type. It’s the idiots with canned exploits that do this. In my view, most linux distros and MS stuff had very few security experts on the core team. (Until Server 2003 perhaps.) OpenBSD guys are obsessed with security on the other hand. A lot of the code has been audited. I don’t know much about security stuff, but they search for stack overflows in the C code. Seems most exploits are simple overflows and easily avoided with auditing. Anyway OpenBSD owns j00.
M.

2003-07-20 1:09 am
Forks are good and bad. Obviously 1 million forks or 1 million OS’s would be pointless. One big OS project is almost as bad since there is no competition. One reason I like supporting linux, bsd, etc through small donations. Even if MS stuff will dominate desktop for a while, fueling competition is the important thing. I think OpenBSD fork is great. Very few projects do this code auditing and so forth. There are some other interesting projects, Trustix Secure, Hardened Gentoo and others. NetBSD forked and focused on running on almost anything as well as other design goals which depart from other BSDs. Linux itself was created from dissatisfaction.
Minix was limited and the license sucked. Tanenbaum is an OS god, but Minix couldn’t go anywhere without a GPL or BSD type license. There were x86 unix variants but again they were limited and cost too much green. And all these forks and new projects have given us so many options in 2003.