Only two remote holes in the default install, in a heck of a long time.
A tribute to the operating system that gave the world OpenSSH, asked the hard security questions nobody wanted to hear, and never, ever compromised.
Sometimes the most important thing you can do is walk away and start over. Properly.
"I forked because I wanted to do the right thing, and nobody was willing to let me do it where I was."
— Theo de Raadt, 1995In October 1995, Theo de Raadt forked NetBSD and created OpenBSD. The reasons were complicated — personality clashes, disagreements about direction, politics that plague every open source project. But the result was crystal clear: an operating system with one overriding mission.
Security. Not security as an afterthought. Not security as a checkbox. Security as the first principle. Security as the reason the project exists. Every line of code audited. Every default locked down. Every network service disabled until you explicitly enable it.
Theo was told he was too abrasive, too demanding, too uncompromising. History proved that uncompromising was exactly what the world needed.
October 18, 1995. Theo de Raadt took NetBSD's source, set up CVS in Calgary, Alberta, and began the most aggressive security audit in operating system history.
"Secure by default." Three words that changed everything. No open ports. No running services. No trust. Prove it's safe, or it doesn't ship.
The mascot that's as prickly as the project's founder. A blowfish — small, unassuming, and covered in spines. Touch it wrong, and you'll regret it. Perfect.
Not Silicon Valley. Not Cambridge. Calgary. Where the winters are brutal and the code is audited twice. The perfect environment for building software that can't afford to fail.
_____
/ \
| () () |
\ ^ /
____/| |\____
/ \| |/ \
/ /\ \ / /\ \
/ / \ \_/ / \ \
/ / \ / \ \
( ( ) ( ) )
\ \ / \ / /
\ \ / \ / /
\ \/ /^\ \/ /
\ / | \ /
\ / | \ /
\_/ | \_/
|
PUFFY SAYS:
"Audit everything."
Puffy the blowfish appeared with OpenBSD 3.5. Named after the Blowfish cipher (also an OpenBSD contribution), Puffy is the most expressive mascot in operating system history. Every release gets new artwork — Puffy as a samurai, a hacker, a pirate, a revolutionary.
Where other projects hired design firms, OpenBSD's community drew Puffy with love. Where other mascots were corporate-approved, Puffy was irreverent, subversive, and occasionally political. Like the project itself.
Puffy has been on t-shirts worn at every security conference worth attending. On stickers plastered to ThinkPads around the world. On posters in server rooms where security isn't just a buzzword — it's the whole point.
OpenBSD doesn't trust your code. It doesn't trust its own code. That's the point.
While other projects wrote code and hoped for the best, OpenBSD's developers read every line. Not just new code — old code too. Code that had been "working fine" for years was torn apart, inspected, and rewritten when it didn't meet the standard.
Buffer overflows were hunted like vermin. Format string bugs were exterminated. Integer overflows were tracked down. Privilege escalation paths were sealed. Not because there was a CVE. Because the code might be wrong. And "might" is unacceptable.
Remote holes in the
default install.
In a heck of a long time.
Memory is either writable or executable. Never both. A simple rule that eliminates entire classes of exploits. OpenBSD enforced it when everyone else said it was too inconvenient.
Convenience is the enemy of security.
Address Space Layout Randomization. OpenBSD was among the first to randomize stack, heap, and mmap addresses. If the attacker can't predict where things are in memory, they can't exploit them.
Make the attacker's life impossible.
Split every daemon into privileged and unprivileged parts. If the network-facing code is compromised, the attacker still can't reach the crown jewels. OpenSSH pioneered this pattern and it changed how the world writes servers.
Trust nothing. Compartmentalize everything.
pledge() — a program declares what syscalls it will use, then the kernel kills it if it tries anything else. unveil() — a program declares what files it will access, then everything else vanishes.
Elegant. Simple. Devastating to attackers.
Cryptographically secure random numbers, trivially easy to use. No seeding. No /dev/urandom worries. Just call arc4random() and get randomness you can stake your security on. Adopted by macOS, Linux, and others.
Good APIs make secure code easy to write.
Safe string functions that prevent buffer overflows by design. Proposed to replace strcpy/strcat. The C standards committee rejected them. The exploits kept coming. OpenBSD's response: "We told you so."
The right answer, even when nobody listens.
A tiny project with no corporate backing produced software that the entire internet depends on. Every. Single. Day.
In 1999, Theo de Raadt looked at the state of secure remote access and decided the world needed a free, audited, portable SSH implementation. He took the last free version of Tatu Ylönen's SSH, cleaned it up, and released OpenSSH.
Today, OpenSSH is on virtually every Unix server, every Linux box, every Mac, every router, every cloud instance. It's in Windows. It's in your phone. Every time you type ssh, you're using OpenBSD's code.
No VC funding. No corporate sponsor. No business model. Just a small team in Calgary who believed that secure remote access should be free for everyone. It might be the most important piece of open source software ever written.
The firewall that made firewall configuration readable. Human-syntax rules. Stateful filtering. NAT. Queue-based traffic shaping. So good that FreeBSD, NetBSD, and macOS all adopted it.
After Heartbleed revealed OpenSSL's horrors, OpenBSD forked it. Removed 90,000 lines of code. Deleted support for obsolete platforms. Fixed the build system. Produced a TLS library that doesn't make cryptographers weep.
OpenBSD's own web server and load balancer. Minimal. Audited. Configured with the same clean syntax as pf. No modules. No plugins. No attack surface. Just serving files, securely, with privilege separation.
A clean, secure BGP implementation. Used by ISPs and internet exchanges worldwide. Because the protocol that holds the internet together shouldn't be written in spaghetti code with known vulnerabilities.
NTP without the complexity. Privilege-separated, minimal configuration, audited code. Because even setting the clock should be done securely. The reference NTP implementation had over 300,000 lines of code. OpenNTPD did the job in a fraction.
A mail server that doesn't make you want to cry. Clean configuration syntax. Privilege separation. Table-based lookups. Written because Sendmail's config language is a war crime and Postfix was still too complex.
Every OpenBSD release comes with original artwork and an original song. No other operating system in history has done this. It's beautiful, weird, and perfectly OpenBSD.
The first release song. Puffy goes medieval on insecure code.
"We're not in Linux anymore, Toto." Puffy takes on the Wizard of Oz.
Binary-themed. Because sometimes security is just ones and zeros.
After Heartbleed. LibreSSL was born. "We removed what we could not trust."
A nostalgic look back at the fork. "In the winter of '95, we wrote the code that kept us alive."
A love letter to style(9). "Code with style, or don't code at all."
"An operating system that ships with original music is either insane or brilliant. OpenBSD is both, and that's why we love it."
— The internet, collectivelyNo corporate sponsors. No swag bags. No motivational speakers. Just developers, laptops, and code that needs to be better.
"Shut up and hack."
The unofficial hackathon motto. Talk is cheap. Code is real.
"The best code review happens face to face."
Sitting next to someone, pointing at their screen. No JIRA. No pull requests. Just developers helping each other write better code.
"We do this because we care."
No one at a hackathon is paid to be there. They come because OpenBSD matters to them.
The moments that defined us.
Three CDs, shrink-wrapped, with that release's artwork printed on the disc. The stickers inside. The poster. You ordered it not because you needed CDs — you had broadband — but because the project needed the money, and the artwork was worth framing.
Reading the pf.conf man page. Realizing you could write firewall rules in English. pass in on egress proto tcp to port 22. After years of iptables, it felt like poetry. You re-read it just to make sure it was real.
Downloading the new release song on launch day. Playing it in your terminal while the install ran. Explaining to your coworkers why your operating system had a theme song. They didn't get it. They never would. That was fine.
You asked a question on misc@. Theo responded. It was blunt. It was possibly rude. It was absolutely, devastatingly correct. You learned more from that one email than from a semester of classes. You never made that mistake again.
An old Pentium 3 with two NICs. OpenBSD. pf. NAT. DHCP. Your entire home network behind it. Your friends used consumer routers. You used an operating system. It ran for years without a single security incident. Without a single reboot.
That moment after installation when you ran man afterboot and realized OpenBSD had a man page telling you exactly what to do next. Step by step. No blog posts. No Stack Overflow. Just a man page that anticipated your questions.
Reading the pledge(2) man page and having a genuine "eureka" moment. A single syscall that makes your program declare its intentions. If it lies, the kernel kills it. So simple. So elegant. So obviously right that you wondered why nobody thought of it sooner.
April 7, 2014. The internet was on fire. OpenSSL had a catastrophic bug. You were running OpenBSD. You watched the world scramble. Then you watched the OpenBSD team fork OpenSSL, delete 90,000 lines of code, and create LibreSSL in a weekend. That's when you knew you'd picked the right OS.
Years of consecutive releases
Active developers worldwide
Releases per year, like clockwork
Founder & Project Leader
Theo is not diplomatic. He will tell you your code is bad. He will tell you your security model is broken. He will tell you in public, on the mailing list, with the subtlety of a sledgehammer.
And he will be right. Almost every time.
The world needs people like Theo. People who won't accept "good enough." People who understand that a security bug isn't just a bug — it's a betrayal of everyone who trusted your code. The internet is more secure because one stubborn South African-Canadian in Calgary refused to compromise.
LibreSSL lead. The person who cleaned up OpenSSL's mess and made TLS trustworthy again.
pf maintainer. OpenBGPD architect. Made network infrastructure secure and readable.
OpenSSH portable lead. Made sure every Linux and Mac can ssh safely. From Australia, with precision.
Created httpd, relayd, and more. Proved that small, audited tools beat bloated frameworks every time.
Type a command. Remember who you are.
. .
/ `-' \
/ \ "Only two remote holes
; _ _ ; in the default install,
| (_) (_) | in a heck of
\ ^ / a long time!"
'-----'
/|| ||\
/ || || \
|| ||
'' ''
_______
/ \
| O B S D | Secure by default.
| .---. | Free by choice.
| | _ _ | | Audited by hand.
| ||_|_|| |
| | | | "Functional, secure,
| '---' | and free."
\_______/
|||
|||
_____|_|_____
| |
|_____________|
To every pf.conf written with care. Every pledge() call that made a program declare its intentions. Every unveil() that locked the filesystem to only what was needed.
To the CD sets we ordered. The release songs we played. The artwork we framed. The hackathons where code was written in silence, side by side, because that's how real work gets done.
To Theo, who was right when being right wasn't popular. To the auditors who found the bugs before the attackers did. To the donors who kept the project alive when the money ran out.
You chose security when the world chose convenience. You chose correctness when the world chose speed. You chose craft when the world chose "good enough."
Secure by Default. Free Forever. Since 1995.