OpenBSD version 7.6 release, Heartbleed, and the nature of 'Free.'
I wrote the following essay ten years ago, as the events surrounding OpenBSD forking the OpenSSL codebase in response to Heartbleed unfolded. I’m re-publishing it today in acknowledgement of that effort and their release of version 7.6.
OpenBSD is an operating system you've probably never heard of.
You've heard of Linux and you might have come across the acronym F/OSS, for Free / Open Source Software.
The slash character is important, because Free software and Open Source are not the same thing. The two are separate communities, social movements, with their own philosophies and technologies, which happen to share a variety of objectives. Over time the distinctions have blurred but intrinsically, they are distinct.
Nowhere is this more apparent than in Operating Systems where Linux, the one you've heard of, is the OS of the Free Software community. OpenBSD, the one you haven't, is the premier OS of the Open Source community.
It gets confusing because you've been told that Linux is 'open source', which it is, but note the lower case. Linux is open source but it isn't, strictly speaking, Open Source.
The primary philosophical distinction between the two operating systems concerns, believe it or not, the nature of freedom. Linux and Free Software are governed by licences which are known as 'Copyleft' (as opposed to 'Copyright.') Copyleft licences allow you, the user, to take the microcode of software and modify it for your own purposes but with one caveat: if you subsequently release your modified derivative, you must also extend the same courtesy to those who use your software.
The result is that copyleft software is free for all to use and to examine and to modify in perpetuity, down through the generations of software development and derivative works. Many copyleft projects, such as Linux, rise to prominence because of this levelled playing field: all may contribute, all may examine, all may use. Competition is discouraged and collaboration is encouraged. Major corporations who are the bitterest of rivals all contribute to Linux, because it is in their individual interest to do so, as they know that their competitors will not be able to take their contributions and make them proprietary.
Collectively, we all benefit.
In contrast, OpenBSD and Open Source are typically governed by licences which are known variously as 'BSD' or 'MIT' licences, acronyms which originate from the institutions which developed them: the University of California at Berkeley and the Massachusetts Institute of Technology. Collectively, these are known as 'permissive' licences.
Under permissive, Open Source licences, the user is entitled to take the code and use it for whatever purpose, even modifying it and selling it without making the changes introduced to the derivative available for the subsequent user. The enforced sharing of Free Software is avoided, as the absolute freedom to take the code and do whatever you like with it is the objective.
At this point in our narrative if you're still with me, you're probably thinking to yourself "okay, one bunch of turbonerds gives their stuff away but insists that if you use their stuff, you give your stuff away too. On the other hand, this other bunch of ultrageeks gives their stuff away and lets you do whatever the hell you like with it. No wonder these idiosyncratic IT people are so difficult to deal with, they waste their time on all this trivial nonsense."
Which is a fair enough reaction, but I encourage you to think again. Technology pervades our lives. Those turbonerds and ultrageeks are deeply conscious of the real-world social consequences of what they do, and F/OSS is the result, the method, that many choose to use to serve humanity.
In short they donate, in a very precise manner, so that we all might prosper.
Back to the story. Linux has risen to prominence because of the Free Software philosophy, while OpenBSD has decreased to a niche presence because it is Open Source. Collaboration succeeded where [the potential for] competition failed.
But Open Source OpenBSD is still with us. Partly because it is a direct descendant of actual Unix. OpenBSD can trace its lineage through all the derivatives and all the iterations back to the original Unix operating system developed at AT&T's Bell Laboratories 44 years ago. Where Linux, a member of the broader Unix family, is a Unix-like, POSIX-compliant clone of Unix, OpenBSD is a real descendant. Today they are small but their lineage commands respect.
And that pedigree shows, in the code.
Where Free Software Linux is a free-for-all, Open Source OpenBSD is disciplined and tight.
And those OpenBSD lads know their stuff.
• Eleven days ago the Heartbleed bug in OpenSSL was exploited, exposing every web user on the planet.
• Ten days ago every vendor released a patch to their distribution of OpenSSL and administrators around the world commenced patching their systems.
• Nine days ago a team of OpenBSD developers led by Theo de Raadt forked the OpenSSL codebase away from the OpenSSL Project.
• Yesterday, OpenBSD had removed 90,000 lines of C code from OpenSSL and re-architected a further 250,000 lines of code.
• Today LibreSSL, OpenBSD's replacement of OpenSSL, went 1.0.
You might like to think about the nature of freedom and the consequences of technology upon it. You might like to consider which of the Free Software or the Open Source philosophies most accurately aligns with your own ethics.
But today, you should probably think about a small group of unpaid volunteers whose philosophy of freedom is in the minority. A group of volunteers who stepped up for your benefit.
Eleven days ago our world encountered an existential threat to a pervasive technology. Governments and government agencies who utilise that technology, and billion dollar corporations who sell us products and services derived from that technology, aren't alleviating the threat.
Four unpaid OpenBSD volunteer developers are.
So consider making a donation, to the Operating System you've never heard of.
http://www.openbsd.org/donations.html
-SRA. Auckland, 23/iv 2014.