The OpenBSD team earlier this month href=3D"http://os.newsforge.com/article.pl?sid=3D04/10/29/1856256&tid=
=3D8">released=20
version 3.6 of the free operating system, with support for more hardware,=
updated application software, and bug fixes included. This time around Ope=
nBSD=20
has added support for multi-CPU systems, a number of drivers for new periph=
eral=20
hardware, and about 200 more applications to the Ports tree. We took the ne=
w=20
version for a spin, and liked what we found.

Since we've previously href=3D"http://os.newsforge.com/article.pl?sid=3D04/07/20/180234&tid=3D=
8">reviewed=20
OpenBSD 3.5, we won't repeat everything, but here is a quick list of th=
e=20
general features intrinsic to the operating system:

• OpenBSD is secure by default -- in other words, the base system that =
  you=20
  install will not have any security flaws or enabled services that could=
  compromise the integrity of your system.=20
  
• OpenBSD is easy to install, set up, and use, but it's all done from t=
  he=20
  command line. If you want to learn and use OpenBSD, you'd better be famil=
  iar=20
  with the man command.=20
  
• The documentation via the manual pages is superb.=20
  
• All of the software you'll need to run a Web, mail, NFS, DHCP, or fil=
  e=20
  server is installed and ready to be configured and enabled.=20
  
• New programs are easy to install, update, and manage through the Port=
  s=20
  system.=20
  
• OpenBSD includes integ=
  rated=20
  cryptography, which is used by some parts of the base system to enhan=
  ce=20
  security.

OpenBSD doesn't necessarily make as complete a desktop system as FreeBSD=
or=20
one of the desktop GNU/Linux distributions does, but href=3D"http://software.newsforge.com/article.pl?sid=3D04/10/15/181232&=
tid=3D130">you=20
can certainly use it to get email, chat on IRC, browse the Web, or writ=
e a=20
book. There are no hardware accelerated drivers for Nvidia, ATI, or Intel v=
ideo=20
chips, so 3D games are out of the question, but you can still get good colo=
r=20
depth and resolution in X11 for 2D applications. Desktop environments like =
KDE=20
3.2.3 and GNOME 2.6.2 are available through the Ports system, as are severa=
l=20
window managers and a host of GUI-based programs that run in them. In all t=
here=20
are more than 2,700 programs in the OpenBSD 3.6 Ports tree which, unlike=20
FreeBSD's Ports tree, remains static for each release. In other words, Open=
BSD=20
Ports follows the same release schedule that the base system does, as oppos=
ed to=20
the maintainers updating the Ports as they see fit. This means that you'll =
be=20
stuck with the same software versions until the next release (six months), =
but=20
it also means that each OpenBSD installation will have exactly the same sof=
tware=20
on it, providing a standard, stable environment for sysadmins.

The quickest way to get OpenBSD 3.6 is through an FTP install. You downl=
oad a=20
small CD ISO or diskette image, boot from it, then download the installatio=
n=20
sets from the OpenBSD FTP servers. Every time I try this I have some kind o=
f=20
problem, but the CD set always works perfectly on my systems.

Speaking of which, the href=3D"https://https.openbsd.org/cgi-bin/order">OpenBSD 3.6 CD set is =
an=20
inexpensive $45 (or =
45=20
euros). Anyone seriously considering OpenBSD on the i386, SPARC/SPARC64=
,=20
AMD64, VAX, or macPPC architectures will find the CD set to be a much more=
convenient and speedy method of installation.

OpenBSD's installation routine is spartan, but quick and simple. It's me=
rely=20
a script that goes through each step of a complete installation or upgrade =
of=20
the base system. Depending on the speed of your computer and the size of yo=
ur=20
hard drive, installation can take between 10 and 30 minutes, and upgrades w=
ill=20
usually take about half that. The upgrade script unfortunately does not upg=
rade=20
precompiled application packages or any programs that you've installed thro=
ugh=20
Ports, and there is no Portupgrade program to automate this process as ther=
e is=20
in FreeBSD. To upgrade your programs, you'll have to reinstall each one=20
individually -- not difficult to do, but certainly tedious if you have a nu=
mber=20
of programs on your system. Some people prefer to deinstall all packages pr=
ior=20
to the upgrade, then reinstall the new versions afterward. Packages are not=
as=20
easy to get from the FTP repository as Ports are, but are much quicker to=
install on slower systems and easier to distribute to multiple=20
installations.

If you choose to upgrade your Ports after the upgrade, you can run the=
/usr/ports/infrastructure/build/out-of-date script to determine which ones=
need=20
to be upgraded, then locate each one and deinstall and reinstall it.

New in 3.6

Included with the standard installation are OpenSSH 3.9 (OpenSSH is part=
of=20
the OpenBSD project) and OpenSSL 0.9.7d; GCC 2.95.3 and 3.3.2 with the href=3D"http://www.trl.ibm.com/projects/security/ssp">ProPolice add-on=
installed and enabled by default; Perl 5.8.5; Apache 1.3.29 with href=3D"http://www.openbsd.org/faq/faq10.html#httpdchroot">default chrootin=
g,=20
privilege revocation, mod_ssl 2.8.16 and DSO support; Sendmail 8.13.0 with =
href=3D"http://www.milter.org/">libmilter; BIND 9.2.3; Heimdal 0.6rc1; =
and a=20
customized fork of XFree86 4.4.0 without the new, more restrictive licensin=
g.=20
Other packages like Lynx and Sudo are also included, and most of the=20
above-listed programs include specialized patches from the OpenBSD team to=
enhance security and functionality.

Hands On

I tested out OpenBSD 3.6 on my most temperamental system: a Dell Inspiro=
n=20
3800 laptop. I had no trouble with my PCMCIA Xircom wired or Linksys wirele=
ss=20
network cards, nor did I have any trouble switching between the two. I coul=
d=20
install and use XFree86 without any trouble, and everything seemed to work =
just=20
as perfectly as it did in the previous release. I didn't have any multi-CPU=
systems running the new SMP support on either the AMD64 or i386 editions.<=
/P>

The OpenBSD project cannot guarantee the security of programs in the Por=
ts=20
tree, but they do make an effort to ensure that obviously insecure programs=
don't make it into Ports. If a security bulletin is sent out about program=
s in=20
either the base system or Ports, OpenBSD provides patches individually or a=
s a=20
separate branch of the entire project. The process for applying a single pa=
tch=20
is detailed at the top of each patch file, making installation as easy as=
following a couple of lines of instructions. As of this writing there are =
no=20
listed security bulletins, but if there are, href=3D"http://www.openbsd.org/errata.html">they'd appear here.

The PATCH branch of OpenBSD is one of three separate yet related divisio=
ns of=20
the project. The first and most obvious is RELEASE, which remains consisten=
t=20
throughout the six-month lifespan of an official OpenBSD release. PATCH is=
RELEASE plus any security updates, and is updated as patches are released.=
The=20
third branch is CURRENT, which is the cutting edge of OpenBSD development.=
Obviously you don't want to run in-development code on a production machin=
e, so=20
CURRENT is really only useful to people interested in contributing to the=
project. These branches are not isolated to the base system; they also inc=
lude=20
the entire Ports tree.

Conclusions

I'm certain the OpenBSD team would think this a trivial matter, but for =
the=20
next version I would really like to see a Portupgrade-like program to upgra=
de=20
the compiled Ports to the new version without a great deal of hassle.

Aside from that single gripe, what strikes me most about OpenBSD in gene=
ral=20
is the professional manner in which it is developed and released. By=20
professional I don't mean "corporate," as in meaningless meetings, bad desi=
gn=20
strategies, incompetent bosses, unreasonable deadlines, etc. I mean it's=20
released on time with few problems and it does exactly what it claims to do=
.

Each release is a small step forward; operating system development shoul=
d be=20
a battle of inches instead of historically disastrous attempts at giant lea=
ps,=20
and OpenBSD 3.6 personifies that philosophy. With the exception of SMP supp=
ort,=20
every enhancement new to 3.6 is a few inches forward. Some things may seem=
little but mean a great deal to those who requested and developed them. Ot=
hers=20
might not be able to notice any difference at all between 3.5 and 3.6.

OpenBSD 3.6 is among the better AMD64 operating systems out there, which=
may=20
make it a suitable server replacement for FreeBSD, which continues to suffe=
r=20
from a horrible AMD64 SMP implementation. If you want to set up a cheap, se=
cure=20
home server, or if you'd like to get into using the command line interface =
more=20
proficiently, OpenBSD 3.6 is an excellent operating system to choose.