Sofware in Review
Tech news
Software reviews
Hardware reviews
Discuss technology
Sofware in Review → Operating systems → BSD →

OpenBSD 4.0 review

By Jem Matzan

In an era when the next edition of Microsoft Windows is pushed back more than a year, and popular GNU/Linux distributions are almost expected to have their release dates delayed by weeks or months, it's nice to know that at least one operating system releases on schedule without all kinds of showstopping bugs and problems. OpenBSD 4.0 was released on November 1 with its usual mix of new hardware support and enhanced operating system features. Read on for the full report.

OpenBSD overview

This section is for people who are not yet familiar with the OpenBSD operating system. Those who are may want to skip ahead to the next section on the new features in version 4.0

The BSDs in general have a common reputation for high code quality and poor hardware support. In OpenBSD's case, the code is definitely high quality. Nothing in the default installation is half-implemented, or committed on an experimental basis. If full functionality is not yet possible for hardware drivers, basic functionality is achieved and thoroughly tested; this forms the basis for further driver development. Everything you get in the release is production-ready, secure by default (meaning the administrator does not have to lock down the system -- it is already locked down, and services must be individually enabled), and comes with possibly the finest integrated documentation in the Unix-clone world. While you might find a poorly programmed driver or other base system component in other BSDs and GNU/Linux distributions, in OpenBSD if something is supported, it works. Like all operating systems, however -- yes, even Windows -- not everything is supported.

Hardware support is a sensitive area for the OpenBSD developers. Since they won't allow any proprietary code in the base system, and since manufacturers are frequently reluctant to give out hardware documentation, the development team is notorious for creating their own drivers through reverse-engineering. As a result, OpenBSD's RAID and wireless network card support is exceptional -- better than Linux's in some ways. It also has surprisingly good ACPI support, particularly on laptop computers. In fact, because of the good, documented wireless and ACPI support, OpenBSD makes a fine laptop operating system. The only significant obstacle for desktop users is the lack of hardware 3D acceleration for video cards.

OpenBSD is among the most secure x86/AMD64 operating systems in the world. Cryptography is integrated into nearly every part of the operating system; libraries are loaded in a random fashion; and program and daemon privileges can easily be isolated from the rest of the system via chroot, and privilege separation and revocation.

A complete OpenBSD installation from the commercial CD set can be completed in about five minutes. Extra programs can be added through an APT-like package tool that has access to thousands of precompiled packages, or custom compiled through the Ports system. OpenBSD even has binary emulation layers for FreeBSD, Linux, Unix SVR4, SCO/ISC, and BSD/OS programs, so if there is no native OpenBSD port of your favorite *NIX application, you can probably still use its Linux or FreeBSD binary.

Each OpenBSD release has a graphical theme and a song that goes with it. The theme reflects a major concern that the OpenBSD programmers are addressing or bringing to light.

For more information on OpenBSD, you can visit the project Web site, or this article on using OpenBSD.

What's new in 4.0

OpenBSD now has support for various ARM-based devices (the Thecus N2100 and IOData HDL-G are the only ones known at this time); UltraSPARC III-based machines are also now supported, as is the Sharp Zaurus SL-C3200.

OpenBSD 4.0

As for new and improved hardware driver support, there are too many updates to print here, but you can see the full list on the OpenBSD site. Mostly the new peripheral support includes wired and wireless network cards of various kinds, some new SATA chipset support, and improved CPU scaling on processors that support it.

One major new feature in OpenBSD 4.0 is the introduction of OpenRCS, a BSD-licensed, compatible rewrite of GNU RCS. RCS stands for revision control system, in case you were wondering, and the GNU version had come to a point where it made more sense to rewrite it under the BSD license with security and portability in mind.

IPsec has also gained several new capabilities and features, including IPv6 support.

The theme for the 4.0 release is "Humppa Negala" -- humppa being a style of music that many OpenBSD programmers enjoy.

Putting it to the test

This was the first in-place production upgrade I've ever done, moving from OpenBSD 3.9 to 4.0. Previously I'd done reinstalls for new versions, but 3.9's updated pkg_add utility made it much easier to do in-place upgrades, so this was the first opportunity I've had to try it out. The process was quick and worked extraordinarily well. The only exception was merging the new /etc config files with the old ones. Since many of those files had been customized, this was not an easy task.

I tried to install 4.0 on a new Core 2 Duo machine based on an Asus P5B motherboard, but I couldn't get any keyboard response in the console. I tried USB and PS/2 keyboards of different types, and tried messing with the BIOS, but nothing worked. That's a very new machine, though, and even most GNU/Linux distributions have varying degrees of trouble with it (owing mostly to the lack of a chipset-integrated IDE controller).

I found the Intel Pro Wireless driver to be vastly superior to the one in 3.9, which would timeout every few minutes when under heavy loads. In 4.0 it only times out every half hour or so under consistently heavy load. Still not perfect, but much better than before, and it removes the need to carry around a PCMCIA wireless card. I can't fault the OpenBSD developers for the IPW driver problem, though; they're developing it blindly, without the proper hardware and firmware documentation from Intel.

There's a mistake in the printing of the booklet in the CD set that switches some of the pages around. It's not a big deal if you know about it ahead of time, but it could be mighty confusing to people who need the installation instructions.

The official OpenBSD CD set, starting with version 4.0, now comes in a DVD case. This makes it much easier to get to the discs, and it also should prevent most of the damage-in-shipping problems that previous releases had with the old CD-style cases. Personally I have two past OpenBSD set cases that won't properly hold their discs because the plastic tabs broke off during shipping.

Conclusions and developer recommendations

I've tried hard to find a significant weak point in this operating system, but there just isn't one. Put simply, OpenBSD makes Unix fun and interesting. It's the only Unix-like operating system that you can build, customize, and update without running into strange problems, bugs, and growing pains. Upgrades are done with confidence, not trepidation, and once configured, there isn't a whole lot of worrying to do.

The other operating system I was testing while evaluating OpenBSD 4.0 was Fedora Core 6, and it was so full of bugs and problems that when I sat down to play with OpenBSD it was a relief to have everything working as intended and expected. No crashes or other undesired behavior, and the operating system was not half-developed -- it was complete and production-ready as delivered. It's so well put together that I'm planning a migration strategy for my production server to go from Gentoo x86 to OpenBSD AMD64, adding OpenLDAP directory services in the process. The only complaint that I ever see people raise about OpenBSD is that it doesn't perform as well as Solaris or GNU/Linux when under heavy load. With high-performance computer hardware so inexpensively available these days, however, I can't understand why anyone who has a choice would go with anything other than OpenBSD for a Web, FTP, email, directory, or NFS server.

Specifically regarding the 4.0 release, it's more or less as I expected it to be -- a slow progression toward perfection. Many things are better, but some things are still missing. Here's where I'd like to see OpenBSD go in the future:

  • Make mergemaster part of the base system. Upgrading is easier now than it's ever been, the only significant hurdle being upgrading configuration files, many of which haven't changed at all, some of which have changed little, and a few of which have changed in very important ways. It's not easy having to sort through every file in /etc/ and most of its subdirectories. There is an OpenBSD package for FreeBSD's mergemaster (which is made specifically for this process), but it would be helpful if it were included in the base system (or made part of the upgrade process on the installation media) and specialized for this task on OpenBSD. Currently it has a kind of wonky approach to updating the config files.
  • WPA support. This is important for many wireless users who need to be able to communicate with WPA-enabled access points. My search logs indicate that quite a number of people are also interested in seeing this feature added to OpenBSD.
  • Improved wireless networking tools. Right now you have to do some fancy footwork with ifconfig to find and join a wireless network if there are multiple access points available. Joining one in specific can be difficult, especially if it requires a WEP key. I've made some very basic scripts to handle this on my machine, but I think it would be better to have an OpenBSD-authored command line wireless networking tool that basically does what Network Manager does in SUSE Linux -- find and manage access points and wireless network profiles.
  • Better SMP support. Now that multi-core CPUs are basically the standard among laptop, desktop, and x86/AMD64 servers, and multi-core multi-CPU systems are becoming more common, I think it's time to focus on expanding OpenBSD's SMP capabilities. A few releases ago we got initial SMP support, but from some basic performance tests that I've run, there's a lot of room for improvement in this area.
Purpose Operating system
Manufacturer The OpenBSD Project
Architectures x86, AMD64/EM64T, SPARC, SPARC64, ARM, Alpha, HP300, HPPA, Mac68k, MacPPC, mvme68k, mvme88k, luna88k, VAX, MIPS, Zaurus
License BSD
Market Network appliances and servers of all kinds, for home, office, or enterprise; security-minded desktop users and sysadmins
Price (retail) U.S. $50
Previous version OpenBSD 3.9
Product Web site Click here