OpenBSD 7.9 arrives, a diamond in the rough proud of every sharp edge

HANDS ON Even after 60 releases, to borrow Carlsberg’s slogan, OpenBSD is probably the most secure FOSS Unix-like OS in the world.

OpenBSD 7.9 arrived just a couple of days after
project lead Theo de Raadt’s birthday. Our congratulations to both. The
last four months or so have seen the fastest succession of security
issues in Linux that we can remember in the project’s existence so far,
but OpenBSD sails on serenely.

Back in March, Anthropic announced that
its Claude Mythos LLM had found a successful OpenBSD attack – but it
wasn’t a hole. A TCP/IP packet with malformed Selective
Acknowledgement options could crash the kernel. This was a real
problem, and the bug that caused it went back 27 years, but it doesn’t
let anyone in. The OpenBSD developers had already included a fix
for the bug two weeks earlier, so OpenBSD 7.8 users would get it the
next time they ran sysupdate, and it is of course fixed in
this version.

The new features in version 7.9 are relatively modest. On x86-64
machines – which it terms amd64 – 7.9 now supports a
maximum of 255 processor cores, and fixes a bug on machines with over
512 GB of RAM. It can also handle up to 52 partitions per disk.
Internally, there can be up to 64, but the limit is now the number of lowercase and uppercase letters of the Roman alphabet, which it uses in
labels.

On x86-64 and Arm64, the CPU scheduler now understands heterogeneous
CPU cores with different performance levels, and can assign processes to
four different performance levels described by the letters S-P-E-L,
denoting SMT, performance, efficient, and lethargic.

This should improve power management, and another feature called
“delayed hibernation” can also help. Rather than letting a suspended
laptop simply turn off if its battery runs out, when power levels get
very low, the machine will wake up then immediately hibernate – a
process that ends with it turning completely off. OpenBSD still doesn’t have a
journaling file system. It uses FFS2, an improved
version of the original Berkeley Fast File
System developed by Kirk McKusick. This used to include a
performance enhancement called soft updates (McKusick’s
own explanation) but these were removed
in 2023. That means that turning off a running machine without
shutting it down could cause disk corruption. Delayed hibernation will
help prevent one cause of that, at least.

The release announcement also lists other changes, including improved support for RISC-V boards, basic support for Wi-Fi 6, the
graphics driver stack from Linux kernel 6.18, and even more
optimizations to the already-low-latency sound driver stack. There are
various tweaks and bug fixes for the various RISC
platforms it supports. Version upgrades include LibreSSL 4.3.0,
OpenSSH 10.3, and many improvements to the Berkeley Packet Filter (bpf) and Packet Filter firewall (pf), including source
and state limiters.

Desktop use is not the primary goal of OpenBSD, but you certainly
can. It includes multiple window managers and desktops, as documented
in its handbook – although this is slightly out of date. Version 7.9
includes GNOME 49, KDE Plasma 6.6, MATE 1.28, Xfce 4.20, LXQt 2.2, and
various more minimal window managers. It has its own X11 server, Xenocara, based on X.org 7.7 and
Xserver 21.1.21, but you can also run XLibre with some manual effort,
and some desktops support Wayland. There is also a downstream project to
build a live bootable medium called FuguIta, although it hasn’t caught up
with the new release just yet.

OpenBSD releases are each accompanied by a unique banner painting and theme tune. This time, it’s a swinging jazz instrumental called Diamond in
the Rough [MP3], which we really enjoyed. It’s by Bob Kitella, who along
with de Raadt is one of the team at the Alberta internet
exchange YYCIX.

Calling OpenBSD a diamond in the rough seems quite
appropriate. It does have some significant gaps in its
functionality, but it is small, clean, and secure. We very much enjoyed
a recent essay on ascetic computing by
Dave “Ratfactor” Gauer, in
which he discusses why his OS of choice is OpenBSD.

Out there in the chaos of the open source communities on the social
networks that this vulture visits, we often encounter great resistance
when we tell people that they’re experiencing problems because of their
poor choice of equipment. For an easy life and a reliable computing
experience, we advise against wireless devices (peripherals or
networks), Bluetooth audio devices, and so on. The vicissitudes of
Nvidia support on Linux have long been well understood, and eloquently
conveyed by Torvalds himself.

Avoid this stuff, use devices with plain old cables, and things tend
to work more easily and more reliably. Here, we are coming to
appreciate the OpenBSD stance on Bluetooth, for instance: it simply does
not support it at all. This approach reminds us of the way that Python
sliced through the Gordian knot of indentation styles. For instance,
this C
style guide [PDF] identifies 14 named indentation systems. Python
dispenses with all that by making indentation syntactically significant,
ending the flame wars at a stroke. Of course, many veterans howl their
dismay and rage at this – and yet Python consistently ranks as the
world’s favorite language, over
and over
and over
again. OpenBSD cuts through some of the complexities of Linux and
the other BSDs in a broadly similar way.

There has been some
controversy recently over OpenBSD’s inclusion of code written with
AI assistance. The OS includes the tmux
terminal multiplexer – and recently, the tmux developers accepted some LLM-assisted code, including the recent DECSET 2026
support. This is now also
in OpenBSD, and it’s not
the only one.

No LLM-created code has been committed directly into OpenBSD as yet – and it looks unlikely, if only for copyright reasons, as de Raadt
laid
out in March. The tmux changes were grandfathered in indirectly because OpenBSD has included tmux in its base system since 2009. We’ve
looked at the changes and they seem small, clean, and innocuous to us.
Arguably, the objection is an ideological one of purity. We fear that
OpenBSD may end up on the Open
Slopware list we mentioned in January. When we reported
recently on Fedora and Ubuntu’s AI moves, we mentioned the Stop slopware site and the No-AI Software
Directory. This probably means OpenBSD won’t appear on the latter either, but we suspect that the team will not care.

OpenBSD version upgrades are relatively simple, straightforward, and
well
documented. So, to take 7.9 for a spin, we first tried it in a
VirtualBox VM. Although it’s a small OS, it wants a large virtual drive because by default it creates nine separate partitions, and
because of their different permissions, they’re a key part of the OS’s
enviable security. Worse still, their sizes cannot be dynamically
adjusted. Since the installation program is a very low-tech plain-text
affair, it offers no help with customizing the layout: if you don’t like
its proposal, then you must devise your own completely from scratch. It
really would help massively if OpenBSD had some kind of simple Logical
Volume Manager.

Give it enough space, though, and installation goes smoothly. We
also tried on the bare metal of an old Lenovo ThinkPad X220, with its
own dedicated 128 GB SSD. This threw up an interesting wrinkle: it found
the machine’s Wi-Fi controller no problem, identifying it as an
Intel Centrino Advanced-N 6205 – but because the necessary firmware was not included on the 761 MiB ISO
download, it couldn’t activate the device, even though it let us enter our WLAN credentials. That’s a problem, as the installer defaults to
fetching the installation file sets from the internet. We plugged in an
Ethernet cable, and then installation continued and finished
successfully. The installer automatically installed the required
firmware package, so on our first reboot, the Wi-Fi connection came
online all on its own.

Installing this vulture’s preferred desktop
environment was as simple as logging in as root and
entering pkg_add xfce. Selecting it is not quite so easy,
though: OpenBSD’s display manager, xenodm,
lacks the ability to choose a desktop environment. To fix that, we
needed a one-line, two-word script: create an ~/.xsession file containing exec startxfce4, and that was it – a fully working graphical desktop. We added a second monitor, and it was
detected, added, and enabled automatically, and we could set it to
portrait mode in Xfce’s display settings.

Although the X11
section of the OpenBSD Handbook says that KDE’s
recently replaced SDDM is available, as far as we can tell, it has been removed from 7.9 – as has Ubuntu’s LightDM. Even so,
just saying “yes” when the installation program asks if you want GUI
results in a working Fvwm 2.2.5
environment.

The Reg FOSS desk has been exploring OpenBSD since version
7.1 in 2022, including 7.2,
7.5,
7.6,
7.7,
and 7.8.
It’s still not an easy OS to install, but if you can dedicate a computer
to it, installation is much easier. We recommend avoiding complexities
like dual-booting and multiple drives. As a small bonus, it boots and
installs perfectly from a Ventoy
multi-OS USB key.

OpenBSD still supports x86-32, there’s no trace of systemd and never
will be, and if you really want GNOME or KDE, you can have them.
Bringing up a GUI-based system remains substantially easier than it does
on FreeBSD. If you’re prepared to obtain the hardware it wants, rather
than hoping that it will support whatever kit you happen to already
have, this is an excellent way to improve your Unix skills – as well as
starting to enjoy computing again, free of the distractions of shinier
FOSS OSes. ®