Women's Suffrage

From Uncyclopedia, the content-free encyclopedia

(Difference between revisions)
Jump to: navigation, search
m
Line 1: Line 1:
{{Wilde|Have women suffered? I suppose they have. Have ''I'' suffered? Why, naturally. Let's talk more about Oscar's Suffrage, thank you very much.|Women's Suffrage}}
+
[[Image:{{featured article}}
{{Q|Jesus, I know you're at work, but I just got scratched by the cat! I'm bleeding like a stuck pig! Are you listening to me, Christ?|A nun|her suffering as a [[wedding|bride]] of Christ}}
+
{{Infobox OS|
__NOTOC__
+
|name = OpenBSD
  +
|screenshot = [[Image:Openbsd.png|200px|OpenBSD Logo with [[Puffy (mascot)|Puffy]], the [[pufferfish]].]]
  +
|caption = "Free, Functional & Secure"
  +
|developer = The OpenBSD Project
  +
|family = [[Berkeley Software Distribution|BSD]]
  +
|source_model = [[Open source]]
  +
|latest_release_version = 3.8
  +
|latest_release_date = November 1, 2005
  +
|kernel_type = [[Monolithic kernel|Monolithic]]
  +
|ui = [[Korn shell|pdksh]], [[FVWM]] for [[X Window System|X11]]
  +
|licence = Mostly [[BSD license|BSD]]
  +
|working_state = Current
  +
|website = [http://www.openbsd.org www.openbsd.org]
  +
}}{{Prerequisites header}}
  +
! [[Computer]] and [[operating system]]
  +
|-
  +
! [[Unix]] and [[Unix-like]]
  +
|-
  +
! [[Software licensing]]
  +
|-
  +
! [[Computer insecurity]]
  +
{{Prerequisites footer}}
  +
'''OpenBSD''' is a freely available [[Unix-like]] [[computer]] [[operating system]] descended from [[Berkeley Software Distribution]] (BSD), a [[Unix]] derivative created by the [[University of California, Berkeley]]. It was [[Fork (software development)|forked]] from [[NetBSD]], another [[open source]] operating system based on BSD, by project leader [[Theo de Raadt]] in 1994, and is widely known for the developers' insistence on open source and documentation, uncompromising position on [[software licensing]], and focus on [[Computer insecurity|security]] and code correctness. The project is coordinated from de Raadt's home in [[Calgary, Alberta]], [[Canada]]. Its [[logo]] and [[mascot]] is [[Puffy (mascot)|Puffy]], a [[pufferfish]].
   
{{Wikipedia}}
+
OpenBSD includes a number of security features not found or optional in other operating systems and has a tradition of developers auditing the [[source code]] for [[software bug]]s and security problems. The project maintains strict policies on licensing and prefers the open source [[BSD license|BSD licence]] and its variants—in the past this has led to a comprehensive licence audit and moves to remove or replace code under licences found less acceptable.
'''Women's Suffrage International''' (WSI) is a worldwide non-profit organization run entirely by [[women]] that strives to let all non-women know how much women have suffered. The organization has achieved great success in Western countries (where men are now painfully aware of how much women have suffered), though it has made little headway in the [[Middle East]], [[South America]], [[Africa]], most of [[Asia]], and [[Australia]] (where the suffering of women has been glibly ignored).
 
   
==Purpose and Aim of Women's Suffrage==
+
In common with most other BSD-based operating systems, the OpenBSD [[kernel (computer science)|kernel]] and [[userland]] programs, such as the [[Unix shell|shell]] and common tools like [[cat (Unix)|cat]] and [[ps (Unix)|ps]], are developed together in a single source repository. Third-party software is available as binary packages or may be built from source using the [[ports collection]].
[[Image:03803r.jpg|thumb|left|150px|<small>'''If you look closely, there's a woman in the center of this picture, and - more than likely - she was suffering at the time. She's almost certainly dead by now, so at least her suffering has ended. Probably.'''</small>]]
 
For truly as women have suffered since time immemorial, men have ignored their suffering. For example, long-suffering '''Mary Holcombe''' of [[Ohio|Napoleon, Ohio]], has suffered for at least 17 years in her strained, loveless [[marriage]] to her "good-for-nothing, beer-swilling" husband Russell. Women's Suffrage aims to help women like Mary spread her suffering to others, so that they, too, may know how badly she suffers.
 
   
Thanks to the efforts of WSI, Mary's relatives, friends, and even children know how much she suffers. Unfortunately, Russell and his poker buddies are still largely unaware of Mary's suffering. When reached for comment, Russell angrily put down his half-empty can of Natural Light and said, "Can't you see I'm trying to watch ''Dancing with the Stars''? Can't I have a goddamn moment of peace in this goddamn house? Talk to my wife, you [[Uncyclopedia]] motherfuckers. ''Wild Weasel?'' More like Wild Faggot. ''Get out of my house.''"
+
OpenBSD currently runs on 16 different hardware [[Platform (computing)|platforms]], including the [[DEC Alpha]], [[Intel]] [[Intel 80386|i386]], [[AMD]] [[AMD64]] and [[Motorola 68000]] processors, [[Apple Computer|Apple]]'s [[PowerPC]] machines, [[Sun Microsystems|Sun]] [[SPARC]] and SPARC64-based computers, the [[VAX]] and the [[Sharp Zaurus]].
   
But Women's Suffrage International, cannot end the suffering of women alone, or more accurately, without your help. Help, in this case, is defined as "money." WSI cannot end the suffering of women without your ''money.'' Please fill an envelope full of money - fives, tens, twenties (but preferably Grants or Benjamins), and mail it to:
+
==History and popularity==
  +
{{main|OpenBSD history}}
   
<center>'''Women's Suffrage International'''</center>
+
In December 1994, NetBSD co-founder Theo de Raadt was asked to resign his position as a senior developer and member of the NetBSD core team, and his access to the source code repository was revoked. <!-- Was his access revoked before or after his resignation? --> The reason for this is not wholly clear, although there are claims that it was due to personality clashes within the NetBSD project and on its [[Electronic mailing list|mailing lists]].{{ref|glass}} de Raadt has been criticized for having a sometimes abrasive personality: in his book, ''Free For All'', Peter Wayner claims that de Raadt "began to rub some people the wrong way" before the split from NetBSD;{{ref|wayner}} interviewers admit to being "apprehensive";{{ref|apprehensive}} and [[Linus Torvalds]] has described him as "difficult."{{ref|difficult}} Others find his straightforwardness refreshing, and few deny he is a talented [[programmer|coder]] and security expert.
<center>Courtesy of: Cindy Lou Harris</center>
 
<center>P.O. Box 3454</center>
 
<center>Kenosha, Washington, 20016</center><br>
 
   
Please, ''no personal checks.'' With your [[Pyramid_Scheme|contributions]], Women's Suffrage can do good for those who have suffered so much (with the exception of women in Africa and the Middle East, because those places are hard to get to, and too dangerous anyway).
+
[[Image:Openbsd23cover.gif|thumb|250px|right|The OpenBSD 2.3 CD cover with the original mascot, before Puffy appeared with release 2.7]]
   
==Where Do Women Suffer?==
+
In October 1995, de Raadt founded OpenBSD, a new project forked from NetBSD 1.0. The initial [[Software release|release]], OpenBSD 1.2, was made in July 1996, followed in October of the same year by OpenBSD 2.0.{{ref|20_release}} Since then, the project has followed a schedule of a release every six months, each of which is maintained and supported for one year. The latest release, OpenBSD 3.8, appeared{{ref|release}} on November 1, 2005.
[[Image:Black Woman Angry On Phone.jpg|thumb|right|150px|<small>'''Won't you help end the suffering of women such as this?'''</small>]]
 
Women, according to our sources at Women's Suffrage, suffer all over the world.
 
===Suffering in the West===
 
From unequal wages in the workplace, sexual harassment, ill-fitting undergarments, unrealistic body image demands, the failure of men to look like [[Brad Pitt]], and the inexplicable success of talentless bimbos like [[Tara Reid]], the list of things that cause women in Western countries to suffer is extremely long.
 
   
It was fairly easy to secure an interview with a long-suffering Western woman, whom we found talking animatedly on a [[cell phone]] while drinking a mocha latte at [[Starbucks]]. "The other day, I was on the phone with Cindy - Cindy isn't my best friend, but she's very close - and she was going on and on about how her boyfriend Chad got her this $600 necklace!" says suffering woman '''Kayla Johnson''' of Glendale, [[California]]. "I just got to thinking about my boyfriend Jerry, and how he never gets me ''anything.'' Later tonight, when he takes me out to dinner, I'm going to throw a fit. Let him figure out what it's about - God, how he makes me suffer!"
+
Just how widely OpenBSD is used is hard to ascertain: the developers do not collect and publish usage statistics and there are few other sources of information. The nascent BSD Certification project performed a usage survey which revealed that 32.8% of BSD users (1420 of 4330 respondents) were using OpenBSD,{{ref|bsdcert}} placing it second of the four major BSD variants, behind [[FreeBSD]] with 77.0% and ahead of NetBSD with 16.3%. The Distrowatch{{ref|distrowatch}} [[website]], well-known in the [[Linux]] community and often used as a reference for popularity, publishes page hits for each of the [[Linux distribution|Linux distributions]] and other operating systems it covers. [[As of 2005|As of December 10, 2005]] it places OpenBSD in 38th place, but fairly close to the average with 137 hits per day. FreeBSD is in 11th place with 493 hits per day and a number of Linux distributions range between them. From these statistics, it is possible to conclude that OpenBSD is a substantial presence in the BSD world, with somewhere around a third of the userbase of FreeBSD, and is not unnoticed in the wider open source and [[free software]] operating system community.
   
Clearly, Western women have a great deal of suffering to contend with in their day-to-day lives.
+
==Open source and open documentation==
  +
When OpenBSD was created, Theo de Raadt decided that the source should be available for anyone to read at any time, so, with the assistance of [[Chuck Cranor]],{{ref|ChuckCranor}} he set up a public, anonymous [[Concurrent Versions System|CVS]] server. This was the first of its kind in the software development world: at the time, the practice was for only a small team of developers to have access to the CVS repository, a practice which had some flaws, notably that as outside contributors had no way to know what had been done, contributed patches would often be duplicates of already completed work. This decision led to the name ''OpenBSD'' and marked the start of the project's insistence on open and public access to source and documentation.
   
===Suffering in the Third World===
+
A revealing incident regarding open documentation occurred in March 2005, when de Raadt made a post{{ref|AAC_Theo}} to the ''openbsd-misc'' [[mailing list]] asserting that after four months of discussion, [[Adaptec]] had yet to disclose documentation needed to improve the OpenBSD [[Device driver|drivers]] for their AAC [[Redundant array of independent disks|RAID]] controllers. As in similar circumstances in the past, he encouraged the OpenBSD community to become involved and express their opinion to Adaptec. Shortly after this, FreeBSD committer, former Adaptec employee and author of the FreeBSD AAC RAID support Scott Long{{ref|ScottLong}} made a comment{{ref|AAC_SLong}} on the [[OSNews]] website castigating de Raadt for not making contact with him regarding the issues with Adaptec. This caused the discussion to spill over onto the ''freebsd-questions'' mailing list, where the OpenBSD project leader countered{{ref|AAC_Theo2}} by claiming that he had received no previous offer of help from Scott Long, nor had Adaptec informed him that this was who he should contact. The debate was amplified{{ref|AAC_Theo3}} by disagreements between members of the two camps regarding the use of binary-only drivers and [[non-disclosure agreement]]s (NDAs): OpenBSD developers do not permit the inclusion of [[closed source]] binary drivers in the source tree and are reluctant to sign NDAs. However, the policy of the FreeBSD project has been less strict and much of the Adaptec RAID management code Scott Long proposed as assistance for OpenBSD was in closed source form or written under an NDA. As no documentation was forthcoming before the deadline for release of OpenBSD 3.7, support for Adaptec AAC RAID controllers was removed from the standard OpenBSD kernel.
[[Image:250px-Jenniferwilbanks.jpg|thumb|150px|left|<small>'''Like a deer caught in the headlights, this Third World woman experiences unspeakable horrors from which she is unable to run away from'''</small>]]
 
Other women, especially those in the Third World, suffer in slightly different ways. "I am starving to death here in the refugee camp, but I cannot leave the camp to get to the aid station, for fear that I will be sexually assaulted by roaming gangs of Janjawid militiamen," complains long-suffering woman '''Karen O'tan''' of the Sudanese province of Darfur. "If I do not eat soon, I feel I shall die. Oh, why does [[Muhammed|the Lord]] make me suffer so?"
 
   
Women like Karen are one of the chief concerns of Women's Suffrage. However, since they are essentially lost causes, they are also very low on the organization's official "Things to Do" priority list. "For cases like Karen's, we simply hope things work out for the best," said Women's Suffrage spokeswoman '''Jill Roberts''' as she polished off a tub of Chunky Monkey ice cream while curled up in a comforter on her couch at home. "And that she doesn't suffer too much more. But let me tell you this - did you know young women suffer ''every year'' from not getting into the college of their choice? Or that most men think oral sex ''isn't cheating?'' And that three out of four women get flowers as a "make up" offering, rather than as a gift? And that the lines for the women's room at public events are ''always too long?''" Roberts then complained that she didn't feel well and took a nap, thus concluding the interview.
+
==Licensing==
  +
[[Image:Openbsd37withjwm.png|thumb|250px|right|OpenBSD 3.7 running [[X.Org Server|X.Org]] with the [[JWM]] window manager]]
  +
A goal of the OpenBSD project is to "maintain the spirit of the original Berkeley Unix copyrights," which permitted a "relatively un-encumbered Unix source distribution."{{ref|lic_policy}} To this end, the [[Internet Systems Consortium]] (ISC) licence, a simplified version of the BSD licence with wording removed that is unnecessary under the [[Berne Convention for the Protection of Literary and Artistic Works|Berne convention]], is preferred for new code, but the [[MIT License|MIT]] or BSD licences are accepted. The widely used [[GNU General Public License]] (GPL) is considered overly restrictive in comparison with these:{{ref|nf_licence}} code licensed under it, and other licences the project sees as undesirable, is no longer accepted for addition to the base system. In addition, existing code under such licences is actively replaced or relicensed when possible, although in some cases, such as [[GNU Compiler Collection|GCC]], there is no suitable replacement and creating one is time-consuming and impractical. Despite this, OpenBSD has made some significant strides in this area: of particular note is the development of [[OpenSSH]], based on the original [[Secure Shell|SSH]] suite and developed further by the OpenBSD team. It first appeared in OpenBSD 2.6 and is now the single most popular SSH implementation, available as standard or as a package on many operating systems. Also worth mentioning is the development, after licence restrictions were imposed on [[IPFilter]], of the [[PF (firewall)|PF]] packet filter, which first appeared{{ref|pfappear}} in OpenBSD 3.0 and is now available in [[DragonFly BSD]], NetBSD and FreeBSD; more recently, OpenBSD releases have seen the GPL licensed tools [[diff]], [[grep]], [[gzip]], [[Bc programming language|bc]], [[Dc (Unix)|dc]], [[Nm (Unix)|nm]] and [[Size (Unix)|size]] replaced with BSD licensed equivalents. OpenBSD developers are also behind [[OpenBGPD]], [[OpenOSPFD]], [[OpenNTPD]] and [[OpenCVS]], BSD licensed alternatives to existing software.
   
===Suffering in Asia===
+
In June of 2001, triggered by concerns over [[Darren Reed]]'s modification of IPFilter's licence wording, a systematic licence audit of the OpenBSD ports and source trees was undertaken.{{ref|IPFilter}} Code in more than a hundred files throughout the system was found to be unlicensed, ambiguously licensed or in use against the terms of the licence. To ensure that all licences were properly adhered to, an attempt was made to make contact with all the relevant [[copyright]] holders: some pieces of code were removed, many were replaced, and others, including the [[multicast]] routing tools, mrinfo and map-mbone,{{ref|mman}} which were licensed by [[Xerox]] for research only, were relicensed so that OpenBSD could continue to use them. Also of note during this audit was the removal of all software produced by [[Daniel J. Bernstein]] from the OpenBSD ports tree. At the time, Bernstein requested that all modified versions of his code be approved by him prior to redistribution, a requirement to which OpenBSD developers were unwilling to devote time nor effort.{{ref|DJB_Theo}} The removal led to a clash with Bernstein, who felt it to be uncalled for, cited the [[Netscape]] [[web browser]] as much less free and accused developers of hypocrisy for permitting it to remain while removing his software.{{ref|DJB_DJB}} The OpenBSD project's stance was that Netscape, although not open source, had licence conditions that were much easier to meet;{{ref|DJB_Espie}} they asserted that Bernstein's demand for control of derivatives would lead to a great deal of additional work and that removal was the most appropriate way to comply with his requirements. At present, after the release of OpenBSD 3.8, Daniel J. Bernstein's software is still absent from the ports tree.
Sources in Women's Sufferage assured us that women were also suffering a great deal in [[Asia]], of all places. Our interest piqued, we went to [[Japan]] in search of suffering women. However, our investigation there only turned up demure, reserved women at every turn, hardly the sort to be suffering! Unfortunately, we were unable to secure an interview with an actual woman, instead being asked to direct our questions to a middle-aged man in business attire. As he explained, "[women] do not suffer in Japan. They are perfectly happy catering to the needs of Japanese men, and find great joy in serving, being quiet, and staying out of the way. Excuse me while I retire from this interview to eat sushi off the naked flesh of a nubile high school girl with neon green hair."
 
   
Based on what we were able to determine from our brief time in Asia, there are many women there, and hopefully the bulk of them aren't suffering too badly.
+
==Security and code auditing==
  +
{{details|OpenBSD security features}}
  +
Shortly after OpenBSD's creation, Theo de Raadt was contacted by a local security software company named Secure Networks, Inc. or SNI.{{ref|SecNet}}{{ref|SecNet2}} They were developing a "network security auditing tool" called Ballista, later renamed to Cybercop Scanner after SNI was purchased by [[McAfee|Network Associates]], which was intended to find and attempt to [[Exploit (computer security)|exploit]] possible software security flaws. This coincided well with de Raadt's own interest in security, so the two agreed to cooperate, a relationship that was of particular use leading up to the release of OpenBSD 2.3{{ref|23}} and helped to form the focal point of the project: OpenBSD developers would attempt to do what was right, proper or secure, even at the cost of ease, speed or functionality. As bugs within OpenBSD became harder to find and exploit, the security company found that it was too difficult, or not cost effective, to handle such obscure problems. After years of cooperation, the two parties decided that their goals together had been met and parted ways.
   
==Why do women suffer?==
+
Until June 2002, the OpenBSD website featured the slogan:
Because we give, and we give, and we give, and we keeping on giving until even our very marrow is drained dry and it still isn't enough.
 
   
==The 19th Amendment to the [[U.S. Constitution]] and You==
+
:"No remote computer hole in the default install, in nearly 6 years."
Back in [[America]], [[Uncyclopedia]] was mildly surprised to learn that the right of women to suffer was ''not'' always guaranteed. Apparently, from the moment the ink dried on the Constitution, only [[virgins]] were allowed to suffer - all other women had to channel their bitterness, angst, resentment and discontent into hobbies such as '''knitting''' or '''sitting quietly'''.
 
   
Unable to resist the urge to suffer, in the mid-19th Century, WSI - then known as the Women's Suffrage Movement - stepped up an agressive campaign to force the government to allow the gratifiying, lusty experience of suffering to all women. Faced with the possibility women would no longer knit or sit quietly, Congress capitulated, and passed the 19th Amendment to the Constitution:
+
In June 2002, [[Internet Security Systems]] discovered a bug in the OpenSSH code implementing [[Challenge-response authentication|challenge-response]] [[authentication]].{{ref|sshvuln}} This was the first and, so far, only [[Vulnerability (computer science)|vulnerability]] discovered in the OpenBSD default installation allowing an attacker remote access to the [[superuser|root]] account—it was extremely serious, partly due to the widespread use of OpenSSH by that time: the bug affected a considerable number of other operating systems.{{ref|sshvulnlist}} This problem necessitated the adjustment of the slogan on the OpenBSD website to:
 
<code>*Section 1: The right of citizens (females) of the United States to suffer shall not be denied or abridged by the United States or by any State on account of sex.</code>
 
::[[clinjas|Constitutional scholars]] have assured us this section covers the right of suffering, and how it applies to women, and that it doesn't apply to [[bear|bears]] or [[dog|dogs]], unless they are women.
 
<code>*Section 2: Congress shall have power to enforce this article by appropriate legislation. </code>
 
::Our helpful constitutional scholars (we call them C-Scholas) informed us this clause is just [[Nobody cares|filler]], really. The 19th amendment was too short, and without this section it probably would have been sent to the [[President]] for [[QVFD]].
 
   
The 19th Amendment to the [[United States]] [[constipation|Constitution]] extended the right to suffer to all women. This was the single most important victory for WSI and consequently, the rate of “[[Jesus|virgin births]],” not to mention knitting and quiet sitting, declined sharply in the ensuing years. '''Hallie Looya''', the President of Womens Suffrage International at the time, proclaimed it a "[[Baby Jesus|miracle of miracles]]", though it is well possible she was exaggerating.
+
:"Only one remote hole in the default install, in more than 8 years."
   
  +
This statement has been criticized because little is enabled in a default install of OpenBSD and releases have included software that was later found to have remote holes; however, the project maintains that the slogan is ''intended'' to refer to a default install and that it is correct by that measure. One of the fundamental ideas behind OpenBSD is a drive for systems to be simple, clean and [[secure by default]]. For example, OpenBSD's minimal defaults fit in with standard computer security practice of enabling as few services as possible on production machines, and the project uses open source and code auditing practices argued to be important elements of a security system.{{ref|wheeler_OS_sec}}
   
==See Also==
+
[[Image:Openbsd38boot.png|thumb|250px|right|OpenBSD 3.8-current booting. 3.8 saw security changes to the ''[[malloc]]'' function]]
* [[Voting]]
 
* [[Freedom]]
 
* [[Democracy]]
 
* [[Asian chicks| Catalog brides]]
 
   
[[Category: Woman pages]][[Category: Politics and Government]]
+
OpenBSD includes a large number of specific features designed to improve security, including [[Application programming interface|API]] and [[toolchain]] alterations, such as the ''[[strlcpy]]'' and ''strlcat'' functions and a [[Static code analysis|static bounds checker]]; memory protection techniques to guard against invalid accesses, such as [[Stack-smashing protection#GCC Stack-Smashing Protector (ProPolice)|ProPolice]], [[Stack-smashing protection#StackGhost (hardware-based)|StackGhost]], the [[W^X]] (W [[Exclusive or|xor]] X) page protection features, as well as alterations to ''[[malloc]]''; and [[cryptography]] and [[randomization]] features, including [[Protocol stack|network stack]] enhancements and the addition of the [[Blowfish (cipher)|Blowfish]] cipher for [[password]] [[encryption]]. To reduce the risk of a vulnerability or misconfiguration allowing [[privilege escalation]], some programs have been written or adapted to make use of privilege separation, privilege revocation or [[chroot]]ing. Privilege separation is a technique, pioneered on OpenBSD and inspired by the [[principle of least privilege]], where a program is split into two or more parts, one of which performs privileged operations and the other—almost always the bulk of the code—runs without privilege.{{ref|provos_privsep}} Privilege revocation is similar and involves a program performing any necessary operations with the privileges it starts with then dropping them, and chrooting involves restricting an application to one section of the [[file system]], prohibiting it from accessing areas that contain private or system files. Developers have applied these features to OpenBSD versions of common applications, including [[tcpdump]] and the [[Apache (webserver)|Apache]] [[web server]], which, due to licensing issues with the later Apache 2 series, is a heavily patched 1.3 release.
   
{{ArticleFH}}
+
The project has a policy of continually [[Computer security audit|auditing]] code for security problems, work developer Marc Espie has described as "never finished … more a question of process than of a specific bug being hunted."{{ref|Espie_audit}} He went on to list several typical steps once a bug is found, including examining the entire source tree for the same and similar issues, "try[ing] to find out whether the documentation ought to be amended," and investigating whether "it's possible to augment the compiler to warn against this specific problem." Along with DragonFly BSD, OpenBSD is one of the two open source operating system with a policy of seeking out examples of classic, [[C programming language#K&R C|K&R C]] code and converting it to the more modern [[ANSI C|ANSI]] equivalent—this involves no functional change and is purely for readability and consistency reasons. A standard code style, the [[Kernel Normal Form]], which dictates how code must look in order to be easily maintained and understood, must be applied to all code before it is considered for inclusion in the base operating system; existing code is actively updated to meet the style requirements.
  +
  +
==Uses==
  +
OpenBSD's security enhancements, cryptography and the PF firewall suit it for use in the security industry, particularly for [[Firewall (networking)|firewalls]], [[intrusion-detection system]]s and [[Virtual private network|VPN]] gateways. It is also commonly used for servers which need to be resistant against [[Black hat|cracking]] attempts and [[Denial-of-service attack|DoS]] attacks, and due to the inclusion of the [[spamd]] daemon, it occasionally sees use in [[email filtering|mail filtering]] applications.
  +
  +
There are several proprietary systems which are based on OpenBSD, including Profense from Armorlogic ApS, IP360 Vulnerability Management Solution from nCircle, syswall from Syscall Network Solutions AG, GeNUGate and GeNUBox from GeNUA mbH and RTMX O/S from RTMX Inc. Of these, both RTMX and GeNUA have contributed back to OpenBSD: RTMX have sent patches to add further [[POSIX]] compliance to the system and GeNUA funded the development of [[Symmetric multiprocessing|SMP]] on the i386 platform. Several open source operating systems have also been derived from OpenBSD, notably [[Anonym.OS]] and [[MirOS BSD]], as well as the now defunct [[ekkoBSD]], [[MicroBSD]] and [[Gentoo/ALT|Gentoo/OpenBSD]]. In addition, code from many of the OpenBSD system tools has been used in recent versions of Microsoft's [[Microsoft Windows Services for UNIX|Services for UNIX]], an extension to the [[Microsoft Windows|Windows]] operating system which provides some Unix-like functionality, originally based on [[Berkeley Software Distribution|4.4BSD-Lite]]. There have also been projects which use OpenBSD as part of images for embedded systems, including OpenSoekris and flashdist; together with tools like nsh, these allow [[Cisco Systems|Cisco]]-like [[Embedded system|embedded]] devices to be created.{{ref|embedded}}
  +
  +
[[Image:Openbsd38defaultwm.png|thumb|250px|right|OpenBSD 3.8 running [[X.Org Server|X.Org]] with the default [[FVWM]] window manager]]
  +
  +
OpenBSD ships with the [[X Window System|X window system]]. Following the [[XFree86]] licence change, it includes a recent [[X.Org Server|X.Org]] release; an older XFree86 3.3 release is also available for legacy video cards. With these, it is possible to use OpenBSD as a desktop or workstation, making use of a [[desktop environment]], [[X window manager|window manager]] or both to give the X desktop a wide range of appearances. The OpenBSD ports tree contains many of the most popular tools for desktop use, including desktop environments [[GNOME]], [[KDE]], and [[Xfce]]; web browsers [[Mozilla Firefox]] and [[Opera (web browser)|Opera]]; and [[multimedia]] programs. In addition, graphical software for many uses is available from both the ports tree and by compiling POSIX compliant software. Also available are [[compatibility layer]]s, which allow binary code compiled for other operating systems, including Linux, FreeBSD, [[SunOS]] and [[HP-UX]], to be run. However, since hardware providers such as graphics card manufacturers [[ATI Technologies|ATI]] and [[NVIDIA]] refuse to release open source drivers or documentation for the 3D capabilities of their hardware, OpenBSD lacks accelerated 3D graphics support.
  +
  +
OpenBSD's performance and usability is occasionally criticized. Performance and scalability tests, most famously Felix von Leitner's tests,{{ref|felix}} often show OpenBSD to lag behind other operating systems. OpenBSD users and developers have countered this by asserting that although performance is certainly given consideration, security, reliability and correctness are seen as more important.{{ref|NH_felix}} OpenBSD is also a relatively small project, particularly when compared with FreeBSD and Linux, and developer time is sometimes seen as better spent on security enhancements than performance optimisations. Critics of usability often point out the lack of user-friendly configuration tools, the bare default installation,{{ref|use_crit}} and "spartan" and "intimidating" installer.{{ref|use_crit2}} These see much the same rebuttals as performance: a preference for simplicity, reliability and security; as one reviewer admits, "running an ultra-secure operating system can be a bit of work."{{ref|use_crit3}}
  +
  +
==Distribution and marketing==
  +
OpenBSD is available freely in various ways: the source can be retrieved by anonymous CVS or [[CVSup]], and binary releases and development snapshots can be downloaded with [[ftp]] or [[http]]. Prepackaged CD sets can be ordered online for a small fee, complete with an assortment of stickers and a copy of the release's theme song. These, with their artwork and other bonuses, are one of the project's few sources of income, funding hardware, bandwidth and other expenses. To encourage the sale of the official CDs, OpenBSD makes only a small install [[ISO image|ISO]] available for download rather than provide full release ISOs.
  +
  +
As with several other operating systems, OpenBSD uses ports and packages systems to allow for easy installation and management of programs which are not a part of the base operating system. Originally based on the FreeBSD ports tree, the systems are now quite distinct. Additionally, major changes have been made between the 3.6 and 3.8 releases and are still ongoing, including the replacement of the package tools, the tools available to the user to manipulate packages, by more capable versions, written in [[Perl]] by [[Marc Espie]]. In contrast to FreeBSD, the OpenBSD ports system is intended as a source used to create the end product, the packages: installing a port first creates a package and then installs it using the package tools. Packages are built in bulk by the OpenBSD team and provided for download with each release. OpenBSD is also unique among the BSDs in that the ports and base operating system are developed and released together for each version: this means that the ports or packages released with, for example, 3.7 are not suitable for use with 3.6 and vice versa, a policy which lends a great deal of stability to the development process, but means that the software in ports for the latest OpenBSD release can lag somewhat from the latest version available from the author.
  +
  +
Around the time of the OpenBSD 2.7 release, the original mascot, a [[BSD daemon]] with a trident and [[aureola]], was replaced by [[Puffy (mascot)|Puffy]], a pufferfish. Puffy was selected because of the Blowfish encryption algorithm used in OpenSSH and the strongly defensive image associated with some species of pufferfish, such as the [[porcupinefish]] with its spikes to deter predators. He quickly became very popular, mainly because of the appealing image of the fish and his distinction from the BSD daemon, also used by FreeBSD, and the horde of daemons then used by NetBSD. Puffy made his first public appearance in OpenBSD 2.6 and, since then, has appeared in a number of guises on tee-shirts and posters. These have included ''Puffiana Jones'', the famed [[hacker|hackologist]] and adventurer, seeking out the Lost RAID; ''Puffathy'', a little Alberta girl, who must work with Taiwan to save the day; ''Sir Puffy of Ramsay'', a freedom fighter who, with Little Bob of Beckley, took from the rich and gave to all; and ''Puff Daddy'', famed rapper and political icon.
  +
  +
After a number of releases, OpenBSD has become notorious for its catchy songs and interesting and often comical artwork. The promotional material of early OpenBSD releases did not have a cohesive theme or design but, starting with OpenBSD 3.0, the CDs, posters and tee-shirts for each release have been produced with a single style and theme, sometimes contributed to by Ty Semaka of the [[Plaid Tongued Devils]]. At first they were done lightly and only intended to add humour but, as the concept has evolved, they have become a part of the OpenBSD evangelism, with each release expanding a moral or political point important to the project, often through parody. Past themes have included: in OpenBSD 3.8, the ''Hackers of the Lost RAID'', a [[parody]] of [[Indiana Jones]] linked to the new RAID tools featured as part of the release; ''The Wizard of OS'', making its debut in OpenBSD 3.7, based on the work of [[Pink Floyd]] and a parody of [[The Wizard of Oz (1939 film)|The Wizard of Oz]] related to the project's recent wireless hacking; and OpenBSD 3.3's ''Puff the Barbarian'', including an 80s rock-style song and parody of [[Conan the Barbarian]], alluding to open documentation.
  +
  +
In addition to the slogans used on tee-shirts and posters for releases, the project occasionally produces other material: over the years, [[catch phrase|catchphrases]] have included "Sending [[script kiddie]]s to [[/dev/null]] since 1995," "Functional, secure, free – choose 3," "Secure by default," and a few insider slogans, only available on tee-shirts made for developer gatherings, such as "World class security for much less than the price of a [[cruise missile]]" and a crufty old octopus proclaiming "Shut up and hack!"
  +
  +
==Books==
  +
A number of books on OpenBSD have been published, including:
  +
  +
*''[http://www.oreilly.com/catalog/mfreeopenbsd/ Mastering FreeBSD and OpenBSD Security]'' by Yanek Korff, Paco Hope and Bruce Potter. ISBN 0-596-00626-8.
  +
*''[http://www.devguide.net/books/openbsdfw-02-ed/ Building Firewalls with OpenBSD and PF: Second Edition]'' by Jacek Artymiak. ISBN 83-916651-1-9.
  +
*''[http://www.aw-bc.com/catalog/academic/product/0,1144,0321193660,00.html Secure Architectures with OpenBSD]'' by Brandon Palmer and Jose Nazario. ISBN 03-21193-66-0.
  +
*''[[Absolute OpenBSD|Absolute OpenBSD, Unix for the Practical Paranoid]]'' by Michael W. Lucas. ISBN 1-886411-99-9.
  +
* ''[http://www.wiley.com/legacy/compbooks/catalog/35366-3.htm Building Linux and OpenBSD Firewalls]'' by Wes Sonnenreich and Tom Yates. ISBN 0-471-35366-3.
  +
  +
==See also==
  +
{{Portalpar|Free software}}
  +
*[[BSD and GPL licensing]]
  +
*[[Comparison of operating systems]]
  +
*[[Hackathon]]
  +
*[[KAME project]]
  +
*[[List of OpenBSD developers]]
  +
*[[POSSE project]]
  +
*[[Security focused operating system]]
  +
*[[BSD Authentication]]
  +
  +
==Notes and references==
  +
<div style="font-size: 85%">
  +
#{{note|glass}} Glass, Adam. Message to netbsd-users: ''[http://mail-index.netbsd.org/netbsd-users/1994/12/23/0000.html Theo De Raadt(sic)],'' December 23, 1994. Visited January 8, 2006.
  +
#{{note|wayner}} Wayner, Peter. ''Free For All: How Linux and the Free Software Movement Undercut the High Tech Titans,'' [http://www.jus.uio.no/sisu/free.for.all.peter.wayner/18.html#987 18.3 Flames, Fights, and the Birth of OpenBSD], 2000. Visited January 6, 2006.
  +
#{{note|apprehensive}} NewsForge. ''[http://www.newsforge.com/article.pl?sid=01/01/29/1718219 Theo de Raadt gives it all to OpenBSD],'' January 30, 2001. Visited January 8, 2006.
  +
#{{note|difficult}} Forbes. ''[http://www.forbes.com/intelligentinfrastructure/2005/06/16/linux-bsd-unix-cz_dl_0616theo.html Is Linux For Losers?]'' June 16, 2005. Visited January 8, 2006.
  +
#{{note|20_release}} de Raadt, Theo. Mail to openbsd-announce: ''[http://www.monkey.org/openbsd/archive2/announce/199610/msg00001.html The OpenBSD 2.0 release],'' October 18, 1996. Visited December 10, 2005.
  +
#{{note|release}} de Raadt, Theo. Mail to openbsd-misc: ''[http://marc.theaimsgroup.com/?l=openbsd-misc&m=113082693418397 3.8 release, November 1 2005].'' Visited December 9, 2005.
  +
#{{note|bsdcert}} BSD Certification site: [http://www.bsdcertification.org/ here]; [[PDF]] of usage survey results: [http://www.bsdcertification.org/downloads/pr_20051031_usage_survey_en_en.pdf here].
  +
#{{note|distrowatch}} Distrowatch site: [http://www.distrowatch.com here].
  +
#{{note|ChuckCranor}} Chuck Cranor's site is [http://chuck.cranor.org/ here].
  +
#{{note|AAC_Theo}} de Raadt, Theo. Mail to openbsd-misc: ''[http://marc.theaimsgroup.com/?l=openbsd-misc&m=111118558813932 Adaptec AAC raid support],'' March 18, 2005. Visited December 9, 2005.
  +
#{{note|ScottLong}} Scott Long's site is [http://people.freebsd.org/~scottl/ here].
  +
#{{note|AAC_SLong}} Long, Scott. Post to OSNews: ''[http://osnews.com/comment.php?news_id=10032&offset=15&rows=28#350222 From a BSD and former Adaptec person...],'' March 19, 2005. Visited December 9, 2005.
  +
#{{note|AAC_Theo2}} de Raadt, Theo. Mail to freebsd-questions: ''[http://lists.freebsd.org/pipermail/freebsd-questions/2005-March/081294.html aac support],'' March 19, 2005. Visited December 9, 2005.
  +
#{{note|AAC_Theo3}} de Raadt, Theo. Mail to freebsd-questions: ''[http://lists.freebsd.org/pipermail/freebsd-questions/2005-March/081313.html aac support],'' March 19, 2005. Visited December 9, 2005.
  +
#{{note|lic_policy}} OpenBSD.org. ''[http://www.openbsd.org/policy.html Copyright Policy].'' Visited January 7, 2006.
  +
#{{note|nf_licence}} NewsForge. ''[http://os.newsforge.com/article.pl?sid=05/06/09/2132233 BSD cognoscenti on Linux],'' June 15, 2005. Visited January 7, 2006.
  +
#{{note|pfappear}} Hartmeier, Daniel. [http://www.benzedrine.cx/pf-paper.html Design and Performance of the OpenBSD Stateful Packet Filter (pf)]. Visited December 9, 2005.
  +
#{{note|IPFilter}} NewsForge. ''[http://www.newsforge.com/article.pl?sid=01/06/06/169245 OpenBSD and ipfilter still fighting over license disagreement],'' June 06, 2001. Visited November 23, 2005.
  +
#{{note|mman}} Man pages: [http://www.openbsd.org/cgi-bin/man.cgi?query=mrinfo mrinfo] and [http://www.openbsd.org/cgi-bin/man.cgi?query=map-mbone map-mbone].
  +
#{{note|DJB_Theo}} de Raadt, Theo. Mail to openbsd-misc: ''[http://archives.neohapsis.com/archives/openbsd/2001-08/2544.html Re: Why were all DJB's ports removed? No more qmail?],'' August 24, 2001. Visited December 9, 2005.
  +
#{{note|DJB_DJB}} Bernstein, DJ. Mail to openbsd-misc: ''[http://archives.neohapsis.com/archives/openbsd/2001-08/2812.html Re: Why were all DJB's ports removed? No more qmail?],'' August 27, 2001. Visited December 9, 2005.
  +
#{{note|DJB_Espie}} Espie, Marc. Mail to openbsd-misc: ''[http://archives.neohapsis.com/archives/openbsd/2001-08/2864.html Re: Why were all DJB's ports removed? No more qmail?],'' August 28, 2001. Visited December 9, 2005.
  +
#{{note|SecNet}} The Age. ''[http://www.theage.com.au/articles/2004/10/07/1097089476287.html Staying on the cutting edge],'' October 8, 2004. Visited January 8, 2006.
  +
#{{note|SecNet2}} ONLamp.com. Interview with OpenBSD developers: ''[http://www.onlamp.com/pub/a/bsd/2003/07/17/openbsd_core_team.html The Essence of OpenBSD],'' July 17, 2003. Visited December 18, 2005.
  +
#{{note|23}} Theo de Raadt on SNI: "Without their support at the right time, this release probably would not have happened." From the [http://www.monkey.org/openbsd/archive/misc/9805/msg00308.html 2.3 release announcement]. Visited December 19, 2005.
  +
#{{note|sshvuln}} Internet Security Systems. [http://xforce.iss.net/xforce/alerts/id/advise123 OpenSSH Remote Challenge Vulnerability], June 26, 2002. Visited December 17, 2005.
  +
#{{note|sshvulnlist}} A partial list of affected operating systems is [http://xforce.iss.net/xforce/xfdb/9169 here].
  +
#{{note|wheeler_OS_sec}} Wheeler, David A. Secure Programming for Linux and Unix HOWTO, [http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/open-source-security.html 2.4. Is Open Source Good for Security?], March 3, 2003. Visited December 10, 2005.
  +
#{{note|provos_privsep}} Provos, Niels. [http://www.citi.umich.edu/u/provos/ssh/privsep.html Privilege Separated OpenSSH]. Visited January 30, 2006.
  +
#{{note|Espie audit}} O'Reilly Network. ''[http://www.onlamp.com/pub/a/bsd/2004/03/18/marc_espie.html An Interview with OpenBSD's Marc Espie],'' March 18, 2004. Visited January 24, 2006.
  +
#{{note|embedded}} [http://opensoekris.sourceforge.net/ OpenSoekris], [http://www.nmedia.net/~chris/soekris/ flashdist] and [http://www.nmedia.net/~chris/nsh/ nsh].
  +
#{{note|felix}} The test results and conclusions are: [http://bulk.fefe.de/scalability/ here].
  +
#{{note|NH_felix}} Holland, Nick. Mail to openbsd-misc: ''[http://groups.google.co.uk/group/lucky.openbsd.misc/msg/2b6f9d5bf42b712a Re: OpenBSD Benchmarked... results: poor!],'' October 19, 2003. Visited January 8, 2006.
  +
#{{note|use_crit}} NewsForge. ''[http://os.newsforge.com/article.pl?sid=05/11/01/1710223 Trying out the new OpenBSD 3.8],'' November 02, 2005. Visited January 8, 2006.
  +
#{{note|use_crit2}} NewsForge. ''[http://os.newsforge.com/article.pl?sid=04/07/20/180234 Review: OpenBSD 3.5],'' July 22, 2004. Visited January 8, 2006.
  +
#{{note|use_crit3}} Distrowatch. ''[http://distrowatch.com/dwres.php?resource=review-openbsd OpenBSD - For Your Eyes Only],'' 2004. Visited January 8, 2006.
  +
</div>
  +
  +
==External links==
  +
{{commonscat|OpenBSD}}
  +
  +
*[http://www.openbsd.org/ OpenBSD homepage]
  +
**[http://www.openbsd.org/cgi-bin/cvsweb/ OpenBSD CVS repository]
  +
**[http://www.openbsd.org/faq/index.html OpenBSD documentation and frequently asked questions]
  +
**[http://www.openbsd.org/cgi-bin/man.cgi OpenBSD man pages]
  +
**[http://www.openbsd.org/lyrics.html OpenBSD songs]
  +
*[http://www.openssh.com/ OpenSSH homepage]
  +
*[http://www.openntpd.org/ OpenNTPD homepage]
  +
*[http://www.openbgpd.org/ OpenBGPD homepage]
  +
*[http://www.opencvs.org/ OpenCVS homepage]
  +
*[http://www.undeadly.org/ OpenBSD journal]
  +
*[http://www.jus.uio.no/sisu/free.for.all.peter.wayner ''Free For All'' by Pete Wayner]
  +
*[http://www.openfaqs.org/ Daniel Ouellet's OpenBSD HOWTO site]
  +
*[http://marc.theaimsgroup.com/?l=openbsd-misc&r=1&w=2 MARC: ''openbsd-misc'' mailing list archive]
  +
*[http://www.wbglinks.net/pages/openbsd/ OpenBSD beginners tutorial]
  +
{{unix-like}}
  +
  +
[[Category:BSD]]
  +
[[Category:Computer security]]
  +
[[Category:Cryptographic software]]
  +
[[Category:Embedded operating systems]]
  +
[[Category:Free software operating systems]]
  +
  +
[[bs:OpenBSD]]
  +
[[ca:OpenBSD]]
  +
[[cs:OpenBSD]]
  +
[[de:OpenBSD]]]]
  +
[[el:OpenBSD]]
  +
[[es:OpenBSD]]
  +
[[eu:OpenBSD]]
  +
[[fi:OpenBSD]]
  +
[[fr:OpenBSD]]
  +
[[gl:OpenBSD]]
  +
[[hu:OpenBSD]]
  +
[[is:OpenBSD]]
  +
[[it:OpenBSD]]
  +
[[ja:OpenBSD]]
  +
[[ko:OpenBSD]]
  +
[[lt:OpenBSD]]
  +
[[lv:OpenBSD]]
  +
[[ms:OpenBSD]]
  +
[[nl:OpenBSD]]
  +
[[no:OpenBSD]]
  +
[[pl:OpenBSD]]
  +
[[pt:OpenBSD]]
  +
[[ro:OpenBSD]]
  +
[[ru:OpenBSD]]
  +
[[simple:OpenBSD]]
  +
[[sl:OpenBSD]]
  +
[[sr:OpenBSD]]
  +
[[sv:OpenBSD]]
  +
[[th:OpenBSD]]
  +
[[tr:OpenBSD]]
  +
[[zh:OpenBSD]]

Revision as of 11:31, April 10, 2006

[[Image:

190px-Featured.png

Potatohead aqua Featured Article  (read another featured article) Featured version: {{{date}}}
This article has been featured on the front page. — You can vote for or nominate your favourite articles at Uncyclopedia:VFH.
<includeonly>[[Template:FA/Error: Invalid time.]][[Template:FA/Error: Invalid time.]]</includeonly>

Template:Infobox OSTemplate:Prerequisites header ! Computer and operating system |- ! Unix and Unix-like |- ! Software licensing |- ! Computer insecurity Template:Prerequisites footer OpenBSD is a freely available Unix-like computer operating system descended from Berkeley Software Distribution (BSD), a Unix derivative created by the University of California, Berkeley. It was forked from NetBSD, another open source operating system based on BSD, by project leader Theo de Raadt in 1994, and is widely known for the developers' insistence on open source and documentation, uncompromising position on software licensing, and focus on security and code correctness. The project is coordinated from de Raadt's home in Calgary, Alberta, Canada. Its logo and mascot is Puffy, a pufferfish.

OpenBSD includes a number of security features not found or optional in other operating systems and has a tradition of developers auditing the source code for software bugs and security problems. The project maintains strict policies on licensing and prefers the open source BSD licence and its variants—in the past this has led to a comprehensive licence audit and moves to remove or replace code under licences found less acceptable.

In common with most other BSD-based operating systems, the OpenBSD kernel and userland programs, such as the shell and common tools like cat and ps, are developed together in a single source repository. Third-party software is available as binary packages or may be built from source using the ports collection.

OpenBSD currently runs on 16 different hardware platforms, including the DEC Alpha, Intel i386, AMD AMD64 and Motorola 68000 processors, Apple's PowerPC machines, Sun SPARC and SPARC64-based computers, the VAX and the Sharp Zaurus.

History and popularity

Main article: OpenBSD history

In December 1994, NetBSD co-founder Theo de Raadt was asked to resign his position as a senior developer and member of the NetBSD core team, and his access to the source code repository was revoked. The reason for this is not wholly clear, although there are claims that it was due to personality clashes within the NetBSD project and on its mailing lists.[1] de Raadt has been criticized for having a sometimes abrasive personality: in his book, Free For All, Peter Wayner claims that de Raadt "began to rub some people the wrong way" before the split from NetBSD;[2] interviewers admit to being "apprehensive";[3] and Linus Torvalds has described him as "difficult."[4] Others find his straightforwardness refreshing, and few deny he is a talented coder and security expert.

File:Openbsd23cover.gif

In October 1995, de Raadt founded OpenBSD, a new project forked from NetBSD 1.0. The initial release, OpenBSD 1.2, was made in July 1996, followed in October of the same year by OpenBSD 2.0.[5] Since then, the project has followed a schedule of a release every six months, each of which is maintained and supported for one year. The latest release, OpenBSD 3.8, appeared[6] on November 1, 2005.

Just how widely OpenBSD is used is hard to ascertain: the developers do not collect and publish usage statistics and there are few other sources of information. The nascent BSD Certification project performed a usage survey which revealed that 32.8% of BSD users (1420 of 4330 respondents) were using OpenBSD,[7] placing it second of the four major BSD variants, behind FreeBSD with 77.0% and ahead of NetBSD with 16.3%. The Distrowatch[8] website, well-known in the Linux community and often used as a reference for popularity, publishes page hits for each of the Linux distributions and other operating systems it covers. As of December 10, 2005 it places OpenBSD in 38th place, but fairly close to the average with 137 hits per day. FreeBSD is in 11th place with 493 hits per day and a number of Linux distributions range between them. From these statistics, it is possible to conclude that OpenBSD is a substantial presence in the BSD world, with somewhere around a third of the userbase of FreeBSD, and is not unnoticed in the wider open source and free software operating system community.

Open source and open documentation

When OpenBSD was created, Theo de Raadt decided that the source should be available for anyone to read at any time, so, with the assistance of Chuck Cranor,[9] he set up a public, anonymous CVS server. This was the first of its kind in the software development world: at the time, the practice was for only a small team of developers to have access to the CVS repository, a practice which had some flaws, notably that as outside contributors had no way to know what had been done, contributed patches would often be duplicates of already completed work. This decision led to the name OpenBSD and marked the start of the project's insistence on open and public access to source and documentation.

A revealing incident regarding open documentation occurred in March 2005, when de Raadt made a post[10] to the openbsd-misc mailing list asserting that after four months of discussion, Adaptec had yet to disclose documentation needed to improve the OpenBSD drivers for their AAC RAID controllers. As in similar circumstances in the past, he encouraged the OpenBSD community to become involved and express their opinion to Adaptec. Shortly after this, FreeBSD committer, former Adaptec employee and author of the FreeBSD AAC RAID support Scott Long[11] made a comment[12] on the OSNews website castigating de Raadt for not making contact with him regarding the issues with Adaptec. This caused the discussion to spill over onto the freebsd-questions mailing list, where the OpenBSD project leader countered[13] by claiming that he had received no previous offer of help from Scott Long, nor had Adaptec informed him that this was who he should contact. The debate was amplified[14] by disagreements between members of the two camps regarding the use of binary-only drivers and non-disclosure agreements (NDAs): OpenBSD developers do not permit the inclusion of closed source binary drivers in the source tree and are reluctant to sign NDAs. However, the policy of the FreeBSD project has been less strict and much of the Adaptec RAID management code Scott Long proposed as assistance for OpenBSD was in closed source form or written under an NDA. As no documentation was forthcoming before the deadline for release of OpenBSD 3.7, support for Adaptec AAC RAID controllers was removed from the standard OpenBSD kernel.

Licensing

File:Openbsd37withjwm.png

A goal of the OpenBSD project is to "maintain the spirit of the original Berkeley Unix copyrights," which permitted a "relatively un-encumbered Unix source distribution."[15] To this end, the Internet Systems Consortium (ISC) licence, a simplified version of the BSD licence with wording removed that is unnecessary under the Berne convention, is preferred for new code, but the MIT or BSD licences are accepted. The widely used GNU General Public License (GPL) is considered overly restrictive in comparison with these:[16] code licensed under it, and other licences the project sees as undesirable, is no longer accepted for addition to the base system. In addition, existing code under such licences is actively replaced or relicensed when possible, although in some cases, such as GCC, there is no suitable replacement and creating one is time-consuming and impractical. Despite this, OpenBSD has made some significant strides in this area: of particular note is the development of OpenSSH, based on the original SSH suite and developed further by the OpenBSD team. It first appeared in OpenBSD 2.6 and is now the single most popular SSH implementation, available as standard or as a package on many operating systems. Also worth mentioning is the development, after licence restrictions were imposed on IPFilter, of the PF packet filter, which first appeared[17] in OpenBSD 3.0 and is now available in DragonFly BSD, NetBSD and FreeBSD; more recently, OpenBSD releases have seen the GPL licensed tools diff, grep, gzip, bc, dc, nm and size replaced with BSD licensed equivalents. OpenBSD developers are also behind OpenBGPD, OpenOSPFD, OpenNTPD and OpenCVS, BSD licensed alternatives to existing software.

In June of 2001, triggered by concerns over Darren Reed's modification of IPFilter's licence wording, a systematic licence audit of the OpenBSD ports and source trees was undertaken.[18] Code in more than a hundred files throughout the system was found to be unlicensed, ambiguously licensed or in use against the terms of the licence. To ensure that all licences were properly adhered to, an attempt was made to make contact with all the relevant copyright holders: some pieces of code were removed, many were replaced, and others, including the multicast routing tools, mrinfo and map-mbone,[19] which were licensed by Xerox for research only, were relicensed so that OpenBSD could continue to use them. Also of note during this audit was the removal of all software produced by Daniel J. Bernstein from the OpenBSD ports tree. At the time, Bernstein requested that all modified versions of his code be approved by him prior to redistribution, a requirement to which OpenBSD developers were unwilling to devote time nor effort.[20] The removal led to a clash with Bernstein, who felt it to be uncalled for, cited the Netscape web browser as much less free and accused developers of hypocrisy for permitting it to remain while removing his software.[21] The OpenBSD project's stance was that Netscape, although not open source, had licence conditions that were much easier to meet;[22] they asserted that Bernstein's demand for control of derivatives would lead to a great deal of additional work and that removal was the most appropriate way to comply with his requirements. At present, after the release of OpenBSD 3.8, Daniel J. Bernstein's software is still absent from the ports tree.

Security and code auditing

Shortly after OpenBSD's creation, Theo de Raadt was contacted by a local security software company named Secure Networks, Inc. or SNI.[23][24] They were developing a "network security auditing tool" called Ballista, later renamed to Cybercop Scanner after SNI was purchased by Network Associates, which was intended to find and attempt to exploit possible software security flaws. This coincided well with de Raadt's own interest in security, so the two agreed to cooperate, a relationship that was of particular use leading up to the release of OpenBSD 2.3[25] and helped to form the focal point of the project: OpenBSD developers would attempt to do what was right, proper or secure, even at the cost of ease, speed or functionality. As bugs within OpenBSD became harder to find and exploit, the security company found that it was too difficult, or not cost effective, to handle such obscure problems. After years of cooperation, the two parties decided that their goals together had been met and parted ways.

Until June 2002, the OpenBSD website featured the slogan:

"No remote computer hole in the default install, in nearly 6 years."

In June 2002, Internet Security Systems discovered a bug in the OpenSSH code implementing challenge-response authentication.[26] This was the first and, so far, only vulnerability discovered in the OpenBSD default installation allowing an attacker remote access to the root account—it was extremely serious, partly due to the widespread use of OpenSSH by that time: the bug affected a considerable number of other operating systems.[27] This problem necessitated the adjustment of the slogan on the OpenBSD website to:

"Only one remote hole in the default install, in more than 8 years."

This statement has been criticized because little is enabled in a default install of OpenBSD and releases have included software that was later found to have remote holes; however, the project maintains that the slogan is intended to refer to a default install and that it is correct by that measure. One of the fundamental ideas behind OpenBSD is a drive for systems to be simple, clean and secure by default. For example, OpenBSD's minimal defaults fit in with standard computer security practice of enabling as few services as possible on production machines, and the project uses open source and code auditing practices argued to be important elements of a security system.[28]

File:Openbsd38boot.png

OpenBSD includes a large number of specific features designed to improve security, including API and toolchain alterations, such as the strlcpy and strlcat functions and a static bounds checker; memory protection techniques to guard against invalid accesses, such as ProPolice, StackGhost, the W^X (W xor X) page protection features, as well as alterations to malloc; and cryptography and randomization features, including network stack enhancements and the addition of the Blowfish cipher for password encryption. To reduce the risk of a vulnerability or misconfiguration allowing privilege escalation, some programs have been written or adapted to make use of privilege separation, privilege revocation or chrooting. Privilege separation is a technique, pioneered on OpenBSD and inspired by the principle of least privilege, where a program is split into two or more parts, one of which performs privileged operations and the other—almost always the bulk of the code—runs without privilege.[29] Privilege revocation is similar and involves a program performing any necessary operations with the privileges it starts with then dropping them, and chrooting involves restricting an application to one section of the file system, prohibiting it from accessing areas that contain private or system files. Developers have applied these features to OpenBSD versions of common applications, including tcpdump and the Apache web server, which, due to licensing issues with the later Apache 2 series, is a heavily patched 1.3 release.

The project has a policy of continually auditing code for security problems, work developer Marc Espie has described as "never finished … more a question of process than of a specific bug being hunted."[30] He went on to list several typical steps once a bug is found, including examining the entire source tree for the same and similar issues, "try[ing] to find out whether the documentation ought to be amended," and investigating whether "it's possible to augment the compiler to warn against this specific problem." Along with DragonFly BSD, OpenBSD is one of the two open source operating system with a policy of seeking out examples of classic, K&R C code and converting it to the more modern ANSI equivalent—this involves no functional change and is purely for readability and consistency reasons. A standard code style, the Kernel Normal Form, which dictates how code must look in order to be easily maintained and understood, must be applied to all code before it is considered for inclusion in the base operating system; existing code is actively updated to meet the style requirements.

Uses

OpenBSD's security enhancements, cryptography and the PF firewall suit it for use in the security industry, particularly for firewalls, intrusion-detection systems and VPN gateways. It is also commonly used for servers which need to be resistant against cracking attempts and DoS attacks, and due to the inclusion of the spamd daemon, it occasionally sees use in mail filtering applications.

There are several proprietary systems which are based on OpenBSD, including Profense from Armorlogic ApS, IP360 Vulnerability Management Solution from nCircle, syswall from Syscall Network Solutions AG, GeNUGate and GeNUBox from GeNUA mbH and RTMX O/S from RTMX Inc. Of these, both RTMX and GeNUA have contributed back to OpenBSD: RTMX have sent patches to add further POSIX compliance to the system and GeNUA funded the development of SMP on the i386 platform. Several open source operating systems have also been derived from OpenBSD, notably Anonym.OS and MirOS BSD, as well as the now defunct ekkoBSD, MicroBSD and Gentoo/OpenBSD. In addition, code from many of the OpenBSD system tools has been used in recent versions of Microsoft's Services for UNIX, an extension to the Windows operating system which provides some Unix-like functionality, originally based on 4.4BSD-Lite. There have also been projects which use OpenBSD as part of images for embedded systems, including OpenSoekris and flashdist; together with tools like nsh, these allow Cisco-like embedded devices to be created.[31]

File:Openbsd38defaultwm.png

OpenBSD ships with the X window system. Following the XFree86 licence change, it includes a recent X.Org release; an older XFree86 3.3 release is also available for legacy video cards. With these, it is possible to use OpenBSD as a desktop or workstation, making use of a desktop environment, window manager or both to give the X desktop a wide range of appearances. The OpenBSD ports tree contains many of the most popular tools for desktop use, including desktop environments GNOME, KDE, and Xfce; web browsers Mozilla Firefox and Opera; and multimedia programs. In addition, graphical software for many uses is available from both the ports tree and by compiling POSIX compliant software. Also available are compatibility layers, which allow binary code compiled for other operating systems, including Linux, FreeBSD, SunOS and HP-UX, to be run. However, since hardware providers such as graphics card manufacturers ATI and NVIDIA refuse to release open source drivers or documentation for the 3D capabilities of their hardware, OpenBSD lacks accelerated 3D graphics support.

OpenBSD's performance and usability is occasionally criticized. Performance and scalability tests, most famously Felix von Leitner's tests,[32] often show OpenBSD to lag behind other operating systems. OpenBSD users and developers have countered this by asserting that although performance is certainly given consideration, security, reliability and correctness are seen as more important.[33] OpenBSD is also a relatively small project, particularly when compared with FreeBSD and Linux, and developer time is sometimes seen as better spent on security enhancements than performance optimisations. Critics of usability often point out the lack of user-friendly configuration tools, the bare default installation,[34] and "spartan" and "intimidating" installer.[35] These see much the same rebuttals as performance: a preference for simplicity, reliability and security; as one reviewer admits, "running an ultra-secure operating system can be a bit of work."[36]

Distribution and marketing

OpenBSD is available freely in various ways: the source can be retrieved by anonymous CVS or CVSup, and binary releases and development snapshots can be downloaded with ftp or http. Prepackaged CD sets can be ordered online for a small fee, complete with an assortment of stickers and a copy of the release's theme song. These, with their artwork and other bonuses, are one of the project's few sources of income, funding hardware, bandwidth and other expenses. To encourage the sale of the official CDs, OpenBSD makes only a small install ISO available for download rather than provide full release ISOs.

As with several other operating systems, OpenBSD uses ports and packages systems to allow for easy installation and management of programs which are not a part of the base operating system. Originally based on the FreeBSD ports tree, the systems are now quite distinct. Additionally, major changes have been made between the 3.6 and 3.8 releases and are still ongoing, including the replacement of the package tools, the tools available to the user to manipulate packages, by more capable versions, written in Perl by Marc Espie. In contrast to FreeBSD, the OpenBSD ports system is intended as a source used to create the end product, the packages: installing a port first creates a package and then installs it using the package tools. Packages are built in bulk by the OpenBSD team and provided for download with each release. OpenBSD is also unique among the BSDs in that the ports and base operating system are developed and released together for each version: this means that the ports or packages released with, for example, 3.7 are not suitable for use with 3.6 and vice versa, a policy which lends a great deal of stability to the development process, but means that the software in ports for the latest OpenBSD release can lag somewhat from the latest version available from the author.

Around the time of the OpenBSD 2.7 release, the original mascot, a BSD daemon with a trident and aureola, was replaced by Puffy, a pufferfish. Puffy was selected because of the Blowfish encryption algorithm used in OpenSSH and the strongly defensive image associated with some species of pufferfish, such as the porcupinefish with its spikes to deter predators. He quickly became very popular, mainly because of the appealing image of the fish and his distinction from the BSD daemon, also used by FreeBSD, and the horde of daemons then used by NetBSD. Puffy made his first public appearance in OpenBSD 2.6 and, since then, has appeared in a number of guises on tee-shirts and posters. These have included Puffiana Jones, the famed hackologist and adventurer, seeking out the Lost RAID; Puffathy, a little Alberta girl, who must work with Taiwan to save the day; Sir Puffy of Ramsay, a freedom fighter who, with Little Bob of Beckley, took from the rich and gave to all; and Puff Daddy, famed rapper and political icon.

After a number of releases, OpenBSD has become notorious for its catchy songs and interesting and often comical artwork. The promotional material of early OpenBSD releases did not have a cohesive theme or design but, starting with OpenBSD 3.0, the CDs, posters and tee-shirts for each release have been produced with a single style and theme, sometimes contributed to by Ty Semaka of the Plaid Tongued Devils. At first they were done lightly and only intended to add humour but, as the concept has evolved, they have become a part of the OpenBSD evangelism, with each release expanding a moral or political point important to the project, often through parody. Past themes have included: in OpenBSD 3.8, the Hackers of the Lost RAID, a parody of Indiana Jones linked to the new RAID tools featured as part of the release; The Wizard of OS, making its debut in OpenBSD 3.7, based on the work of Pink Floyd and a parody of The Wizard of Oz related to the project's recent wireless hacking; and OpenBSD 3.3's Puff the Barbarian, including an 80s rock-style song and parody of Conan the Barbarian, alluding to open documentation.

In addition to the slogans used on tee-shirts and posters for releases, the project occasionally produces other material: over the years, catchphrases have included "Sending script kiddies to /dev/null since 1995," "Functional, secure, free – choose 3," "Secure by default," and a few insider slogans, only available on tee-shirts made for developer gatherings, such as "World class security for much less than the price of a cruise missile" and a crufty old octopus proclaiming "Shut up and hack!"

Books

A number of books on OpenBSD have been published, including:

See also

Template:Portalpar

Notes and references

  1. ^  Glass, Adam. Message to netbsd-users: Theo De Raadt(sic), December 23, 1994. Visited January 8, 2006.
  2. ^  Wayner, Peter. Free For All: How Linux and the Free Software Movement Undercut the High Tech Titans, 18.3 Flames, Fights, and the Birth of OpenBSD, 2000. Visited January 6, 2006.
  3. ^  NewsForge. Theo de Raadt gives it all to OpenBSD, January 30, 2001. Visited January 8, 2006.
  4. ^  Forbes. Is Linux For Losers? June 16, 2005. Visited January 8, 2006.
  5. ^  de Raadt, Theo. Mail to openbsd-announce: The OpenBSD 2.0 release, October 18, 1996. Visited December 10, 2005.
  6. ^  de Raadt, Theo. Mail to openbsd-misc: 3.8 release, November 1 2005. Visited December 9, 2005.
  7. ^  BSD Certification site: here; PDF of usage survey results: here.
  8. ^  Distrowatch site: here.
  9. ^  Chuck Cranor's site is here.
  10. ^  de Raadt, Theo. Mail to openbsd-misc: Adaptec AAC raid support, March 18, 2005. Visited December 9, 2005.
  11. ^  Scott Long's site is here.
  12. ^  Long, Scott. Post to OSNews: From a BSD and former Adaptec person..., March 19, 2005. Visited December 9, 2005.
  13. ^  de Raadt, Theo. Mail to freebsd-questions: aac support, March 19, 2005. Visited December 9, 2005.
  14. ^  de Raadt, Theo. Mail to freebsd-questions: aac support, March 19, 2005. Visited December 9, 2005.
  15. ^  OpenBSD.org. Copyright Policy. Visited January 7, 2006.
  16. ^  NewsForge. BSD cognoscenti on Linux, June 15, 2005. Visited January 7, 2006.
  17. ^  Hartmeier, Daniel. Design and Performance of the OpenBSD Stateful Packet Filter (pf). Visited December 9, 2005.
  18. ^  NewsForge. OpenBSD and ipfilter still fighting over license disagreement, June 06, 2001. Visited November 23, 2005.
  19. ^  Man pages: mrinfo and map-mbone.
  20. ^  de Raadt, Theo. Mail to openbsd-misc: Re: Why were all DJB's ports removed? No more qmail?, August 24, 2001. Visited December 9, 2005.
  21. ^  Bernstein, DJ. Mail to openbsd-misc: Re: Why were all DJB's ports removed? No more qmail?, August 27, 2001. Visited December 9, 2005.
  22. ^  Espie, Marc. Mail to openbsd-misc: Re: Why were all DJB's ports removed? No more qmail?, August 28, 2001. Visited December 9, 2005.
  23. ^  The Age. Staying on the cutting edge, October 8, 2004. Visited January 8, 2006.
  24. ^  ONLamp.com. Interview with OpenBSD developers: The Essence of OpenBSD, July 17, 2003. Visited December 18, 2005.
  25. ^  Theo de Raadt on SNI: "Without their support at the right time, this release probably would not have happened." From the 2.3 release announcement. Visited December 19, 2005.
  26. ^  Internet Security Systems. OpenSSH Remote Challenge Vulnerability, June 26, 2002. Visited December 17, 2005.
  27. ^  A partial list of affected operating systems is here.
  28. ^  Wheeler, David A. Secure Programming for Linux and Unix HOWTO, 2.4. Is Open Source Good for Security?, March 3, 2003. Visited December 10, 2005.
  29. ^  Provos, Niels. Privilege Separated OpenSSH. Visited January 30, 2006.
  30. ^  O'Reilly Network. An Interview with OpenBSD's Marc Espie, March 18, 2004. Visited January 24, 2006.
  31. ^  OpenSoekris, flashdist and nsh.
  32. ^  The test results and conclusions are: here.
  33. ^  Holland, Nick. Mail to openbsd-misc: Re: OpenBSD Benchmarked... results: poor!, October 19, 2003. Visited January 8, 2006.
  34. ^  NewsForge. Trying out the new OpenBSD 3.8, November 02, 2005. Visited January 8, 2006.
  35. ^  NewsForge. Review: OpenBSD 3.5, July 22, 2004. Visited January 8, 2006.
  36. ^  Distrowatch. OpenBSD - For Your Eyes Only, 2004. Visited January 8, 2006.

External links

Template:Commonscat

Template:Unix-like]]eu:OpenBSDgl:OpenBSDis:OpenBSDsimple:OpenBSD

Personal tools
projects