OpenBSD

From Wikipedia, the free encyclopedia
  (Redirected from Puffy (mascot))
Jump to: navigation, search
OpenBSD
OpenBSD Logo - Cartoon Puffy with textual logo below.svg
OpenBSD desktop managed with cwm running xstatbar, xconsole, xxxterm and uxterm (with tmux, scrot and man)
"Free, Functional & Secure"
Developer The OpenBSD Project
OS family Unix-like (BSD)
Working state Current
Source model Open source with some proprietary components
Initial release 1 October 1996
Latest release 5.6 (November 1, 2014 (2014-11-01)) [±]
Latest preview 5.6-current (ongoing) [±]
Package manager OpenBSD package tools and ports tree
Platforms 68000, Alpha, x86-64, i386, MIPS, PowerPC, SPARC 32/64, VAX, Zaurus and others[1]
Kernel type Monolithic
Userland BSD
Default user interface Modified pdksh, FVWM 2.2.5 for X11
License BSD, ISC, ATU,[2] other custom licenses[3]
Official website www.openbsd.org

OpenBSD is a Unix-like computer operating system descended from Berkeley Software Distribution (BSD), a Research Unix derivative developed at the University of California, Berkeley. It was forked from NetBSD by project leader Theo de Raadt in late 1995. As well as the operating system, the OpenBSD Project has produced portable versions of numerous subsystems, most notably PF, OpenSSH and OpenNTPD, which are very widely available as packages in other operating systems.

The project is also widely known for the developers' insistence on open-source code and quality documentation, uncompromising position on software licensing, and focus on security and code correctness. The project is coordinated from de Raadt's home in Calgary, Alberta, Canada. Its logo and mascot is a pufferfish named Puffy.

OpenBSD includes a number of security features absent or optional in other operating systems, and has a tradition in which developers audit the source code for software bugs and security problems. The project maintains strict policies on licensing and prefers the open-source BSD licence and its variants. In the past this has led to a comprehensive license audit and moves to remove or replace code under licences found less acceptable.

As with most other BSD-based operating systems, the OpenBSD kernel and userland programs, such as the shell and common tools like cat and ps, are developed together in one source code repository. Third-party software is available as binary packages or may be built from source using the ports tree. Also like most modern BSD operating systems, it is capable of running binary code compiled for Linux in a compatible computer architecture at full speed in compatibility mode.

The OpenBSD project maintains ports for 20 different hardware platforms, including the DEC Alpha, Intel i386, Hewlett-Packard PA-RISC, x86-64 and Motorola 68000 processors, Apple's PowerPC machines, Sun SPARC and SPARC64-based computers, the VAX and the Sharp Zaurus.[1] The OpenBSD Foundation was accepted as a mentoring organization for Google Summer of Code 2014.[4][5]

Uses[edit]

OpenBSD startup in console mode
OpenBSD console login and welcome message
Interaction with pdksh in OpenBSD (default shell)
OpenBSD 4.9 running X.Org with the default FVWM window manager

Security[edit]

OpenBSD's security enhancements, built-in cryptography and the pf packet filter suit it for use in the security industry, for example on firewalls,[6] intrusion-detection systems and VPN gateways.

Proprietary systems from several manufacturers are based on OpenBSD, including devices from Armorlogic (Profense web application firewall), Calyptix Security, GeNUA mbH, RTMX Inc,[7] and .vantronix GmbH.[8] Later versions of Microsoft's Services for UNIX, an extension to the Windows operating system which provides some Unix-like functionality, use much OpenBSD code included in the Interix interoperability suite, developed by Softway Systems Inc., which Microsoft acquired in 1999.[9][10] Core Force, a security product for Windows, is based on OpenBSD's pf firewall.[11]

Desktop[edit]

OpenBSD ships with the X window system[12] and is suitable for use on the desktop.[13] Packages for popular desktop tools are available, including desktop environments GNOME, KDE, and Xfce; web browsers Konqueror, Mozilla Firefox and Chromium; and multimedia programs MPlayer, VLC media player and xine.[14] The Project also supports minimalist window management philosophies by including the cwm stacking window manager in the main distribution.

Enterprise[edit]

Open source software consultancy "M:tier" has deployed OpenBSD on servers, desktops and firewalls in corporate environments of many Fortune 500 companies.[15]

Server[edit]

OpenBSD features a full server suite and is easily configured as a mail server, web server, ftp server, DNS server, router, firewall, or NFS file server. Software providing support for other server protocols such as SMB (Samba) are available as packages.

OpenBSD component projects[edit]

Despite the small team size and relatively low usage of OpenBSD, the project has successfully spun off widely available portable versions of numerous parts of the base system, including:

Some of the subsystems have been integrated into the core system of several other BSD projects, and all are available widely as packages for use in other Unix-like systems, and in some cases in Microsoft Windows.

Third Party components in the base system[edit]

  • X.org, the X Window environment, with local patches. Installed with the x*.tgz install file sets.
  • GCC versions 4.2, 3.3 or 2.95 (depending on the platform) GNU C Compiler. Installed as part of the comp54.tgz file set.
  • Perl, with patches and improvements from the OpenBSD team.
  • SQLite, with patches and improvements from the OpenBSD team.
  • NSD authoritative DNS server.
  • Sudo, allowing users to run individual commands as root.
  • Ncurses
  • Binutils with patches.
  • gdb with patches.
  • Less 444 with patches.
  • Awk
  • Unbound (DNS server)

In 2014, for OpenBSD 5.6 and 5.7, the fork of Apache 1.3 was removed from the base system, with plans to remove Nginx. They were replaced with httpd(8), an HTTP server with FastCGI and Transport Layer Security support based on the relayd(8) source code. Apache and nginx will be installed from packages in 5.6 and 5.7.[16] Portable versions of httpd and relayd have not yet been released.

Development and release process[edit]

OpenBSD developers at c2k1 hackathon at MIT

Development is continuous, and team management is open and tiered. Anyone with appropriate skills may contribute, with commit rights being awarded on merit and de Raadt acting as coordinator.[17] Two official releases are made per year, with the version number incremented by 0.1,[18] and these are each supported for twelve months. Snapshot releases are also available at very frequent intervals. Maintenance patches for supported releases may be applied manually or by regularly updating the system against the patch branch of the CVS repository for that release.

Alternatively a system administrator may opt to upgrade using a snapshot release and then regularly update the system against the "current" branch of the CVS repository, in order to gain pre-release access to recently added features.

The standard GENERIC OpenBSD kernel, as maintained by the project, is strongly recommended for universal use, and customized kernels are not supported by the project, in line with the philosophy that 'attempts to customize or "optimize" the kernel causes more problems than they solve.'

Packages outside the main system build are maintained by CVS through a ports tree and are the responsibility of the individual maintainers (known as porters). As well as keeping the current branch up to date, the porter of a package is expected to apply appropriate bug-fixes and maintenance fixes to branches of the package for supported releases. Ports are not subject to the same continuous rigorous auditing as the main system because the project lacks the manpower to do this.

Binary packages are built centrally from the ports tree for each architecture. This process is applied for the current version, for each supported release, and for each snapshot. Administrators are recommended to use the package mechanism rather than build the package from the ports tree, unless they need to perform their own source changes.

OpenBSD's developers regularly comes together from all around the world and organize an special event called "hackathon". In hackathons, the developers "sit down and code", implementing their ideas about the project and get things done more rapidly than usual.[19]

With every new release a song is also released.[20]

History and popularity[edit]

Bar chart showing the proportion of users of each BSD variant from a 2005 BSD usage survey.[21] Each participant was permitted to indicate multiple BSD variants.

In December 1994, NetBSD co-founder Theo de Raadt was asked to resign from his position as a senior developer and member of the NetBSD core team.[22] The reason for this is not wholly clear, although there are claims that it was due to personality clashes within the NetBSD project and on its mailing lists.[22]

In October 1995, de Raadt founded OpenBSD, a new project forked from NetBSD 1.0. The initial release, OpenBSD 1.2, was made in July 1996, followed in October of the same year by OpenBSD 2.0.[23] Since then, the project has followed a schedule of a release every six months, each of which is maintained and supported for one year. The latest release, OpenBSD 5.6, appeared on 1 November 2014.

On 25 July 2007, OpenBSD developer Bob Beck announced the formation of the OpenBSD Foundation,[24] a Canadian not-for-profit corporation formed to "act as a single point of contact for persons and organizations requiring a legal entity to deal with when they wish to support OpenBSD."[25]

Just how widely OpenBSD is used is hard to ascertain: its developers neither publish nor collect usage statistics, and there are few other sources of information. In September 2005, the nascent BSD Certification Group performed a usage survey which revealed that 32.8% of BSD users (1420 of 4330 respondents) were using OpenBSD,[21] placing it second of the four major BSD variants, behind FreeBSD with 77% and ahead of NetBSD with 16.3%.[26]

Open source and open documentation[edit]

The OpenBSD Project is noted for its high-quality user documentation, tops among the BSD family operating systems, all of which have excellent documentation.[27][28][29] When OpenBSD was created, Theo de Raadt decided that the source should be easily available for anyone to read at any time, so, with the assistance of Chuck Cranor,[30] he set up a public, anonymous CVS server. This was the first of its kind in the software development world: at the time, the tradition was for only a small team of developers to have access to a project's source repository.[31] Cranor and de Raadt concluded that this practice "runs counter to the open source philosophy" and is inconvenient to contributors. De Raadt's decision allowed "users to take a more active role", and signaled the project's belief in open and public access to source code.[31]

OpenBSD developers do not permit the inclusion of closed source binary drivers in the source tree and are reluctant to sign non-disclosure agreements. When no documentation was forthcoming before the deadline for the release of OpenBSD 3.7, support for Adaptec AAC RAID controllers was removed from the standard OpenBSD kernel because of issues concerning open documentation.[32]

Since OpenBSD is based in Canada, no United States export restrictions on cryptography apply, allowing the distribution to make full use of modern algorithms for encryption. So OpenBSD comes with a built-in Cryptographic Framework, which is employed in every part of the system. For example, the swap space is divided into small sections and each section is encrypted with its own key, ensuring that sensitive data don't leak into an insecure part of the system.[33]

OpenBSD randomizes various behaviors of applications, making them less predictable and thus more difficult to attack. For example, PIDs are created and associated randomly to processes; the bind() system call uses random port numbers; files are created with random inode numbers; and IP datagrams have random identifiers.[34]

The OpenBSD policy on openness extends to hardware documentation: in the slides for a December 2006 presentation, de Raadt explained that without it "developers often make mistakes writing drivers", and pointed out that "the [oh my god, I got it to work] rush is harder to achieve, and some developers just give up".[35] He went on to say that vendor binary drivers are unacceptable to OpenBSD, that they have "no trust of vendor binaries running in our kernel" and that there is "no way to fix [them] ... when they break".[35]

Licensing[edit]

A goal of the OpenBSD project is to "maintain the spirit of the original Berkeley Unix copyrights", which permitted a "relatively un-encumbered Unix source distribution".[36] To this end, the Internet Systems Consortium (ISC) license, a simplified version of the BSD license with wording removed that is unnecessary under the Berne convention, is preferred for new code, but the MIT or BSD licenses are accepted. The widely used GNU General Public License is considered overly restrictive in comparison with these.[37]

In June 2001, triggered by concerns over Darren Reed's modification of IPFilter's license wording, a systematic license audit of the OpenBSD ports and source trees was undertaken.[38] Code in more than a hundred files throughout the system was found to be unlicensed, ambiguously licensed or in use against the terms of the license. To ensure that all licenses were properly adhered to, an attempt was made to contact all the relevant copyright holders: some pieces of code were removed, many were replaced, and others, including the multicast routing tools, mrinfo[39] and map-mbone,[40] which were licensed by Xerox for research only, were relicensed so that OpenBSD could continue to use them; also removed during this audit was all software produced by Daniel J. Bernstein. At the time, Bernstein requested that all modified versions of his code be approved by him prior to redistribution, a requirement to which OpenBSD developers were unwilling to devote time or effort.[41] The removal led to a clash with Bernstein who felt the removal of his software to be uncalled for. He cited the Netscape web browser as much less freely licensed and accused the OpenBSD developers of hypocrisy for permitting Netscape to remain while removing his software.[42] The OpenBSD project's stance was that Netscape, although not open source, had license conditions that could be more easily met.[43] They asserted that Bernstein's demand for control of derivatives would lead to a great deal of additional work and that removal was the most appropriate way to comply with his requirements.[43]

The OpenBSD team has developed software from scratch, or adopted suitable existing software, because of license concerns. Of particular note is the development, after license restrictions were imposed on IPFilter, of the pf packet filter, which first appeared[44] in OpenBSD 3.0 and is now available in DragonFly BSD, NetBSD and FreeBSD. OpenBSD developers have also replaced GPL licensed tools (such as diff, grep and pkg-config) with BSD licensed equivalents and founded new projects including the OpenBGPD routing daemon and OpenNTPD time service daemon.[45]

Funding[edit]

Although the operating system and its portable components are widely used in commercial products, de Raadt says that little of the funding for the project comes from the industry: "traditionally all our funding has come from user donations and users buying our CDs (our other products don't really make us much money). Obviously, that has not been a lot of money."[18]

For a two year period in the early 2000s, the project received DARPA funding, which "paid the salaries of 5 people to work completely full-time, bought about $30k in hardware, and paid for 3 hackathons."[18]

De Raadt has expressed some concern about the asymmetry of funding: "I think that contributions should have come first from the vendors, secondly from the corporate users, and thirdly from individual users. But the response has been almost entirely the opposite, with almost a 15 to 1 dollar ratio in favor of the little people. Thanks a lot, little people!"[18]

On 14 January 2014, Bob Beck issued a request for funding to cover electrical costs. If sustainable funding was not found, Beck suggested OpenBSD would shut down.[46] The project soon received a USD$ 20 000 donation from Mircea Popescu, the Romanian creator of the MPEx Bitcoin stock exchange, paid in Bitcoins. The project raised USD$150 000[47] in response to the appeal, enabling it to pay its bills and securing its short term future.[48]

The OpenBSD project had previously experienced another financial danger back in 2006. The Mozilla Foundation and GoDaddy.com are among the organizations that helped the OpenBSD project to overcome its financial troubles.[49][50][51]

Security and code auditing[edit]

For more details on this topic, see OpenBSD security features.

Shortly after OpenBSD's creation, Theo de Raadt was contacted by a local security software company named Secure Networks, Inc. or SNI.[52][53] They were developing a "network security auditing tool" called Ballista (later renamed to Cybercop Scanner after SNI was purchased by Network Associates), which was intended to find and attempt to exploit possible software security flaws. This coincided well with de Raadt's own interest in security, so for a time the two cooperated, a relationship that was of particular usefulness leading up to the release of OpenBSD 2.3[54] and helped to define security as the focal point of the project.[55]

OpenBSD includes features designed to improve security. These include API additions, such as the strlcat and strlcpy[56] functions; toolchain alterations, including a static bounds checker; memory protection techniques to guard against invalid accesses, such as ProPolice and the W^X (W xor X) page protection feature; and cryptography and randomization features.[57]

To reduce the risk of a vulnerability or misconfiguration allowing privilege escalation, some programs have been written or adapted to make use of privilege separation, privilege revocation and chrooting. Privilege separation is a technique, pioneered on OpenBSD and inspired by the principle of least privilege, where a program is split into two or more parts, one of which performs privileged operations and the other—almost always the bulk of the code—runs without privilege.[58] Privilege revocation is similar and involves a program performing any necessary operations with the privileges it starts with then dropping them. Chrooting involves restricting an application to one section of the file system, prohibiting it from accessing areas that contain private or system files. Developers have applied these features to OpenBSD versions of common applications, including tcpdump and the Apache web server.[59]

OpenBSD developers were instrumental in the birth of—and the project continues to develop—OpenSSH, a secure replacement for Telnet. OpenSSH is based on the original SSH suite and developed further by the OpenBSD team.[60] It first appeared in OpenBSD 2.6 and is now the most popular SSH implementation, available on many operating systems.[61]

The project has a policy of continually auditing code for problems, work that developer Marc Espie has described as "never finished ... more a question of process than of a specific bug being hunted". He went on to list several typical steps once a bug is found, including examining the entire source tree for the same and similar issues, "try[ing] to find out whether the documentation ought to be amended", and investigating whether "it's possible to augment the compiler to warn against this specific problem".[62]

Alleged FBI backdoor investigated[edit]

On 11 December 2010, Gregory Perry sent an email to Theo de Raadt alleging that the FBI had paid some OpenBSD ex-developers 10 years previously to insert backdoors into the OpenBSD Cryptographic Framework. Theo de Raadt made the email public on 14 December by forwarding it to the openbsd-tech mailing list and suggested an audit of the IPsec codebase.[63][64] De Raadt's response was skeptical of the report and he invited all developers to independently review the relevant code. In the weeks that followed, bugs were fixed but no evidence of backdoors was found.[65] Theo de Raadt states that "I believe that NetSec was probably contracted to write backdoors as alleged. If those were written, I don't believe they made it into our tree. They might have been deployed as their own product."[66]

Slogan[edit]

The OpenBSD website features a prominent reference to the security record of the default install. Until June 2002, the wording read "Five years without a remote hole in the default install!" An OpenSSH bug was then discovered that made it possible for a remote attacker to gain root in OpenBSD and in any of the many other systems running OpenSSH at the time. It was quickly fixed, as is normal with known security holes.[67][68] The slogan was modified to "One remote hole in the default install, in nearly 6 years!" In 2007 a network-related remote vulnerability was found, which was also quickly fixed.[69] The quote was subsequently altered to "Only two remote holes in the default install, in a heck of a long time!" This wording remains to this day.

The default install is quite minimal, but the project states that the default install is intentionally minimal to ensure novice users "do not need to become security experts overnight",[70] which fits with open-source and code auditing practices argued to be important elements of a security system.[71]

Distribution and marketing[edit]

The name OpenBSD refers to the fact that OpenBSD's source code is freely available through the Internet. It also refers to the wide range of hardware platforms the operating system supports.[72]

OpenBSD is available freely in various ways: the source can be retrieved by anonymous CVS,[73] and binary releases and development snapshots can be downloaded either by FTP, HTTP, rsync or AFS.[74] Prepackaged CD-ROM sets can be ordered online for a small fee, complete with an assortment of stickers and a copy of the release's theme song. These, with their artwork and other bonuses, are one of the project's few sources of income, funding hardware, bandwidth and other expenses.[75]

In common with other operating systems, OpenBSD provides a package management system for easy installation and management of programs which are not part of the base operating system.[76] Packages are binary files which are extracted, managed and removed using the package tools. On OpenBSD, the source of packages is the ports system, a collection of Makefiles and other infrastructure required to create packages. In OpenBSD, the ports and base operating system are developed and released together for each version: this means that the ports or packages released with, for example, 4.6 are not suitable for use with 4.5 and vice versa.[76]

OpenBSD at first used the BSD daemon mascot created by Phil Foglio, updated by John Lasseter and copyright Marshall Kirk McKusick. A specialized version of the daemon, the haloed daemon was drawn by Erick Green. Green was asked by Theo de Raadt to create the logo for the 2.3 and 2.4 versions of OpenBSD. At first, it was planned to create a full daemon, including head and body, but Green was only able to complete the head part for OpenBSD 2.3. The body as well as pitchfork and tail was completed for OpenBSD 2.4.[77] Subsequent releases saw variations, such as Cop daemon by Ty Semaka,[78] but eventually settling on Puffy,[79] described as a pufferfish.[80] Since then Puffy has appeared on OpenBSD promotional material and featured in release songs and artwork. The promotional material of early OpenBSD releases did not have a cohesive theme or design but later the CD-ROMs, release songs, posters and tee-shirts for each release have been produced with a single style and theme, sometimes contributed to by Ty Semaka of the Plaid Tongued Devils.[20] These have become a part of OpenBSD advocacy, with each release expounding a moral or political point important to the project, often through parody.[81] Past themes have included: in OpenBSD 3.8, the Hackers of the Lost RAID, a parody of Indiana Jones linked to the new RAID tools featured as part of the release; The Wizard of OS, making its debut in OpenBSD 3.7, based on the work of Pink Floyd and a parody of The Wizard of Oz related to the project's recent wireless work; and OpenBSD 3.3's Puff the Barbarian, including an 80s rock-style song and parody of Conan the Barbarian, alluding to open documentation.[20]

Bibliography[edit]

See also[edit]

References[edit]

  1. ^ a b "Platforms", OpenBSD, retrieved 13 December 2011 
  2. ^ E.g. Atmel firmware may be redistributed in object code only. atu-license OpenSBD CVS Repository
  3. ^ tigon license, tusb3410 license, custom license
  4. ^ "'Google Summer Of Code 2014.' - MARC". Marc.info. 25 February 2014. Retrieved 4 March 2014. 
  5. ^ "GSOC 2014 with the OpenBSD Foundation". Openbsdfoundation.org. Retrieved 4 March 2014. 
  6. ^ McIntire, Tim (8 August 2006), "Take a closer look at OpenBSD", Developerworks (IBM), retrieved 13 December 2011, Because OpenBSD is both thin and secure, one of the most common OpenBSD implementation purposes is as a firewall. 
  7. ^ "RTMX O/S IEEE Real Time POSIX Operating Systems", RTMX Inc., retrieved 13 December 2011, RTMX O/S is a product extension to OpenBSD Unix-like operating system with emphasis on embedded, dedicated applications. 
  8. ^ ".vantronix secure system", Compumatica secure networks GmbH, retrieved 13 December 2011, The Next Generation Firewall is not a standalone device, it is a Router for operation in security critical environments with high requirements for availability, comprehensive support as well as reliable and trusted systems powered by OpenBSD. 
  9. ^ "Microsoft Acquires Softway Systems To Strengthen Future Customer Interoperability Solutions", Microsoft News Center (Microsoft), 17 September 1999 
  10. ^ Dohnert, Roberto J. (21 January 2004), "Review of Windows Services for UNIX 3.5", OSNews (David Adams) 
  11. ^ "Core Force", Core Labs, retrieved 13 December 2011, CORE FORCE provides inbound and outbound stateful packet filtering for TCP/IP protocols using a Windows port of OpenBSD's PF firewall, granular file system and registry access control and programs' integrity validation. 
  12. ^ "About Xenocara", Xenocara, retrieved 13 December 2011 
  13. ^ Tzanidakis, Manolis (21 April 2006), Using OpenBSD on the desktop, Linux.com, retrieved 9 March 2012 
  14. ^ "The OpenBSD 4.9 Release", OpenBSD, retrieved 13 December 2011, Over 6,800 ports...Gnome 2.32.1, KDE 3.5.10. 
  15. ^ Jacoutot, Antoine (20 April 2011), "A Puffy in the corporate aquarium", OpenBSD Journal (Daniel Hartmeier) 
  16. ^ "OpenBSD Upgrade Guide 5.5, Advanced notice: Big changes coming for future releases!". openbsd.org. Retrieved 21 September 2014. 
  17. ^ Lucas, Michael W. (2003). Absolute OpenBSD, Unix for the Practical Paranoid (1st ed.). No Starch Press. ISBN 1-886411-99-9. Retrieved 15 June 2012. 
  18. ^ a b c d Andrews, Jeremy (2 May 2006), "Interview: Theo de Raadt", KernelTrap (Jeremy Andrews) 
  19. ^ "Interview: Theo de Raadt of OpenBSD". newsforge.com. 28 March 2006. Retrieved 12 December 2014. 
  20. ^ a b c "Release Songs", OpenBSD FAQ, retrieved 13 December 2011 
  21. ^ a b 2005 BSD Usage Survey Report (PDF), The BSD Certification Group, 31 October 2005, retrieved 16 September 2012 
  22. ^ a b Glass, Adam (23 December 1994). "Theo De Raadt". netbsd-users mailing list. http://mail-index.netbsd.org/netbsd-users/1994/12/23/0000.html.
  23. ^ de Raadt, Theo (18 October 1996). "The OpenBSD 2.0 release". openbsd-announce mailing list. http://www.monkey.org/openbsd/archive2/announce/199610/msg00001.html.
  24. ^ "The OpenBSD Foundation", OpenBSD Foundation, retrieved 13 December 2011 
  25. ^ Beck, Bob (25 July 2007). "Announcing: The OpenBSD Foundation". openbsd-misc mailing list. http://www.nabble.com/Announcing%3A-The-OpenBSD-Foundation-p11801927.html.
  26. ^ Multiple selections were permitted as a user may use multiple BSD variants side by side.
  27. ^ Lucas 2003.
  28. ^ "BSD: The Other Free UNIX Family". InformIT. 20 January 2006. Archived from the original on 14 March 2014. Retrieved 18 January 2014. 
  29. ^ Smith, Jesse (18 November 2013). "OpenBSD 5.4: Puffy on the Desktop". Archived from the original on 30 April 2014. Retrieved 4 April 2014. 
  30. ^ Cranor, Chuck D., Chuck Cranor's Home Page, retrieved 13 December 2011, I also hosted and helped create the first Anonymous CVS server on the Internet (the original anoncvs.openbsd.org, which was also known as eap.ccrc.wustl.edu). 
  31. ^ a b de Raadt, Theo (11 June 1999), Opening the Source Repository with Anonymous CVS, USENIX, retrieved 13 December 2011 
  32. ^ de Raadt, Theo (7 April 2010), "Revision 1.406", OpenBSD CVS repository 
  33. ^ "Take a closer look at OpenBSD". IBM. 8 August 2006. Retrieved 12 December 2014. 
  34. ^ de Raadt, Theo, Niklas Hallqvist, Artur Grabowski, Angelos D. Keromytis and Niels Provos (26 April 1999). "Randomness Used Inside the Kernel". USENIX. Archived from the original on 14 March 2014. Retrieved 1 February 2014. 
  35. ^ a b de Raadt, Theo (5 December 2006), Presentation at OpenCON, retrieved 13 December 2011 
  36. ^ "Copyright Policy", OpenBSD, retrieved 13 December 2011 
  37. ^ Matzan, Jem (15 June 2005), "BSD cognoscenti on Linux", NewsForge (Linux.com), archived from the original on 7 February 2008 
  38. ^ Gasperson, Tina (6 June 2001), "OpenBSD and ipfilter still fighting over license disagreement", Linux.com, archived from the original on 26 June 2008 
  39. ^ "MRINFO(8)", OpenBSD Manual Pages, retrieved 13 December 2011 
  40. ^ "MAP-MBONE(8)", OpenBSD Manual Pages, retrieved 13 December 2011 
  41. ^ de Raadt, Theo (24 August 2001). "Re: Why were all DJB's ports removed? No more qmail?". openbsd-misc mailing list. http://archives.neohapsis.com/archives/openbsd/2001-08/2544.html.
  42. ^ Bernstein, DJ (27 August 2001). "Re: Why were all DJB's ports removed? No more qmail?". openbsd-misc mailing list. http://archives.neohapsis.com/archives/openbsd/2001-08/2812.html.
  43. ^ a b Espie, Marc (28 August 2001). "Re: Why were all DJB's ports removed? No more qmail?". openbsd-misc mailing list. http://archives.neohapsis.com/archives/openbsd/2001-08/2864.html.
  44. ^ Hartmeier, Daniel, "Design and Performance of the OpenBSD Stateful Packet Filter (pf)", Systor AG, retrieved 13 December 2011 
  45. ^ OpenBSD CVS logs showing import of diff, grep and pkg-config. OpenBGPD and OpenNTPD man pages from OpenBSD.
  46. ^ Beck, Bob (14 January 2014), "Request for Funding our Electricity", openbsd-misc (openbsd-misc) 
  47. ^ "The OpenBSD Foundation 2014 Fundraising Campaign". Openbsdfoundation.org. Retrieved 24 May 2014. 
  48. ^ Bright, Peter (20 January 2014), "OpenBSD rescued from unpowered oblivion by $20K bitcoin donation", Ars Technica, retrieved 20 January 2014 
  49. ^ "OpenBSD Project in Financial Danger". Slashdot. 21 March 2006. Retrieved 12 December 2014. 
  50. ^ "Mozilla Foundation Donates $10K to OpenSSH". Slashdot. 4 April 2006. Retrieved 12 December 2014. 
  51. ^ "GoDaddy.com Donates $10K to Open Source Development Project". thehostingnews.com. Retrieved 12 December 2014. 
  52. ^ Varghese, Sam (8 October 2004), "Staying on the cutting edge", The Age, retrieved 13 December 2011 
  53. ^ Laird, Cameron; Staplin, George Peter (17 July 2003), "The Essence of OpenBSD", ONLamp, retrieved 13 December 2011 
  54. ^ de Raadt, Theo (19 December 2005). "2.3 release announcement". openbsd-misc mailing list. http://www.monkey.org/openbsd/archive/misc/9805/msg00308.html. "Without [SNI's] support at the right time, this release probably would not have happened"
  55. ^ Wayner, Peter (13 July 2000), "18.3 Flames, Fights, and the Birth of OpenBSD", Free For All: How Linux and the Free Software Movement Undercut the High Tech Titans (1st ed.), HarperBusiness, ISBN 978-0-06-662050-3, retrieved 13 December 2011 
  56. ^ Todd C., Miller; de Raadt, Theo (6 June 1999), "strlcpy and strlcat – consistent, safe, string copy and concatenation", Proceedings of the 1999 USENIX Annual Technical Conference (USENIX): 175–178, retrieved 13 December 2011 
  57. ^ de Raadt, Theo; Hallqvist, Niklas; Grabowski, Artur; Keromytis, Angelos D. & Provos, Niels, Cryptography in OpenBSD: An overview (PDF), retrieved 13 December 2011 
  58. ^ Provos, Niels (9 August 2003), Privilege Separated OpenSSH, retrieved 13 December 2011 
  59. ^ OpenBSD CVS logs showing addition of privilege separation to tcpdump and httpd man page describing the chroot mechanism.
  60. ^ "Project History and Credits", OpenSSH, retrieved 13 December 2011 
  61. ^ "SSH usage profiling", OpenSSH, retrieved 13 December 2011 
  62. ^ Biancuzzi, Federico (18 March 2004), "An Interview with OpenBSD's Marc Espie", ONLamp, retrieved 13 December 2011 
  63. ^ de Raadt, Theo (14 December 2010). "Allegations regarding OpenBSD IPSEC". openbsd-tech mailing list. http://marc.info/?l=openbsd-tech&m=129236621626462&w=2.
  64. ^ Holwerda, Thom (14 December 2010), "FBI Added Secret Backdoors to OpenBSD IPSEC", OSNews, retrieved 13 December 2011 
  65. ^ Ryan, Paul (23 December 2010), "OpenBSD code audit uncovers bugs, but no evidence of backdoor", Ars Technica (Condé Nast Digital), retrieved 9 January 2011 
  66. ^ "OpenBSD Founder Believes FBI Built IPsec Backdoor". InformationWeek. 22 December 2010. Archived from the original on 14 March 2014. Retrieved 22 January 2014. 
  67. ^ "OpenSSH Remote Challenge Vulnerability", Internet Security Systems Security Advisory (Internet Security Systems), 26 June 2002, retrieved 13 December 2011 
  68. ^ OpenSSH "Challenge-Response" authentication buffer overflow, Internet Security Systems, retrieved 13 December 2011 
  69. ^ "OpenBSD's IPv6 mbufs remote kernel buffer overflow", Core Security Technologies – CoreLabs Advisory (Core Security Technologies), 13 March 2007, retrieved 13 December 2011 
  70. ^ "Security", OpenBSD, retrieved 13 December 2011, Secure by Default 
  71. ^ Wheeler, David A. (3 March 2003), "2.4. Is Open Source Good for Security?", Secure Programming for Linux and Unix HOWTO, retrieved 13 December 2011 
  72. ^ "New year's resolution No. 1: Get OpenBSD". InfoWorld. 29 December 2006. Archived from the original on 14 March 2014. Retrieved 14 March 2014. 
  73. ^ "Anonymous CVS", OpenBSD, retrieved 13 December 2011 
  74. ^ "Getting the OpenBSD distribution", OpenBSD, retrieved 13 December 2011 
  75. ^ "Ordering OpenBSD products", OpenBSD, retrieved 13 December 2011, The proceeds from sale of these products is the primary funding of the OpenBSD project. 
  76. ^ a b "15 – The OpenBSD packages and ports system", OpenBSD FAQ, retrieved 13 December 2011 
  77. ^ "OpenBSD". mckusick.com. Retrieved 12 December 2014. 
  78. ^ de Raadt, Theo (19 May 1999). "OpenBSD 2.5 Release Announcement". openbsd-announce mailing list. Archived from the original on 14 March 2014. Retrieved 28 January 2014. OpenBSD 2.5 introduces the new Cop daemon image done by cartoonist Ty Semeka 
  79. ^ "The OpenBSD 2.7 Release", OpenBSD FAQ, retrieved 13 December 2011 
  80. ^ Although in fact pufferfish do not possess spikes and images of Puffy are closer to a similar species, the porcupinefish.
  81. ^ Matzan, Jem (1 December 2006), "OpenBSD 4.0 review", Software In Review, retrieved 13 December 2011, Each OpenBSD release has a graphical theme and a song that goes with it. The theme reflects a major concern that the OpenBSD programmers are addressing or bringing to light. 

External links[edit]

Videos

Bigger mailing lists