Roughly 20 years ago, around the time the first versions of Linux started seeing the light, a couple other efforts in the Opensource Operating System arena were underway. On one side, the mythical GNU own kernel (HURD) was discussed about (two decades later, we have just started to see one or two viable distributions based on the HURD kernel); on the other hand, the first versions of the Opensource derivatives from 386BSD (NetBSD, FreeBSD and OpenBSD) were released.
OpenBSD, the “youngest” member of the BSD family has just released its latest version. The OpenBSD project, led by Theo De Raadt, one of the co-founders of the NetBSD project, focuses on proactive security, code correctness and portability. Some of the software components created by the OpenBSD team, such as OpenSSH, have transcended beyond OpenBSD and have been adopted at large by other Operating Systems.
Despite having a relatively modest team of developers, the OpenBSD project has managed to release a minor version exactly every 6 months for many years. Many of these minor releases only differentiate from the previous release by a few new features and/or drivers and a slew of bugfixes (for example, some of the main new features of 4.9 are read only access to NTFS filesystems in the default kernels, SMP kernels can now boot on machines with up to 64 cores, there can be more than 4000 processes in x86 architectures and OpenSSH 5.8 has been included).
What are the key features of OpenBSD? Above all, it’s simple in the most purist BSD/Unix style and makes all its source code freely available (it is Opensource after all, what would you expect?). Special care is put on code correctness and security, including bug fixes and even specific functions (strlcat and strlcopy are good examples in the string manipulation arena) to prevent common coding mistakes. It has a good set of network tools (including dynamic routing protocols support through openbgpd and openospfd), a solid packet filtering implementation through pf and a reliable redundancy protocol (CARP). I also offers a sizable library of binary packages and a larger set of available applications in source code form through their ports repository.
Although OpenBSD and Linux are both Opensource, there are substantial differences in the way they are licensed. The BSD license (under which OpenBSD is distributed) makes source code available to anyone willing to use it, sell it or create derivatives, either for commercial or non-commercial use. There is no obligation to redistribute the source code for any modification, and the only condition is for the original copyright notice to be included with the binary code (the distributor is not bound by any specific license). The GPL license (under which Linux is distributed) makes source code available to anyone willing to use it, sell it or create derivatives, either for commercial or non-commercial use, with the obligation to also re-distribute the source code for the derivatives and to provide them under the same license.
While the general consensus is that BSD licenses are “less restrictive” (they don’t impose a particular license to the entity distributing derivatives), it all depends on whose rights are being considered: as a company deriving a commercial and closed source product from a BSD licensed code base, the BSD license is certainly less restrictive. But as the consumer who is acquiring and using that product without the rights to access the source code for the modifications performed by that company, the consequences of the BSD license in the first place are an effective further restriction of the consumer rights, because derivatives can be distributed under any license including proprietary closed source models. In the spirit of full disclosure, as a consumer I always prefer Opensource, and a GPL license always guarantees that. BSD licensing supporters (and GPL detractors) argue that GPL impairs the ability for businesses to make money off their software (as they need to release the source code for the modifications and can not impose a license more restrictive than the GPL license that they received).
Which license is better? I guess it all depends: if you are developer expecting to get funding (mostly through donations) from your direct users -especially corporate ones-, and you don’t care about the end user access to the source code for the products that they use, then a BSD License may be a good choice. If, on the other hand, you sit on the idealist side and want to ensure that nobody can restrict the rights of the end users, GPL is the clear winner.
When comparing the evolution in market share of Linux and OpenBSD, two Operating systems that were born around the same time, a question comes to mind: why is there such a difference in market penetration? Linux, on one side of the spectrum, with a License that apparently impairs commercial venues, has enticed companies and organizations to adopt and support it under varying commercial models, while the BSD derivatives (FreeBSD, OpenBSD and NetBSD), with a larger history and an allegedly more commercial friendly license haven’t been as successful to gather a large installed base and widespread adoption.
This difference probably obeys to several reasons. One of the possibly most clearly defined is the eclectic leadership style of Linus Torvalds who tends to choose practical over doctrine (in the BSD world in general there is normally a higher adherence to rules on how things should be, based on the “BSD tradition”).
The GPL itself seems to be (despite the opinions of some of its detractors) another important reason: if consumers seem to prefer GPL (and consumers are not only you and me, but also large companies and organizations) because they have access to the source code, why wouldn’t companies (developers, integrators, resellers, etc.) make a business out of it? In addition to this, any company releasing an Opensource product wants to reasonably ensure that they will have access to the source code of any potential competitive product derived from their code base. In this sense, GPL levels the field by giving everyone access to everyone else’s source code.
A third important reason goes along the “self-fulfilling prophecy”: as soon as the development community grows enough to reach and exceed the critical mass, the accelerated development pace allows for a continuous and significant amount of contributions in every imaginable direction; the widespread adoption also guarantees innumerable use cases and thorough testing across diverse hardware; the commercial focus provides for code auditing and general security improvements, and the use by Colleges and Government Agencies supplies interesting domain specific features (take SELinux, for example).
So, now that OpenBSD 4.9 is out, should you consider migrating to it? Well, that depends. If you are already a user of OpenBSD and are still on an older version, I would say: why not? You get a few new features, some additional drivers and a ton of bug fixes. If you have been looking into OpenBSD before and you decided that it wasn’t for you, unless your only reason was the inability to access an NTFS partition (you can’t be serious!) or running more than 4000 processes on an x86 server, then you should still be looking somewhere else. If you are a Unix lover and have never been interested in OpenBSD before, maybe you should consider taking it for a spin on a Virtual Machine or an older piece of hardware. It is a reliable, secure, traditional in the BSD sense and simple Operating System, ideal for a firewall (or maybe two thanks to CARP), a SOHO router or even an unpretentious workstation.