Slashdot Mirror

Cowards Anonymous writes "OpenBSD 3.8 is out. It comes with improved hardware support, some improvements to the OSPF daemon, some new RAID management tools, among many others. Even if you plan on installing via FTP, why not order a CD copy, tshirt, or poster as well? "

Cowards Anonymous writes "OpenBSD 3.8 is out. It comes with improved hardware support, some improvements to the OSPF daemon, some new RAID management tools, among many others. Even if you plan on installing via FTP, why not order a CD copy, tshirt, or poster as well? "

Cowards Anonymous writes "OpenBSD 3.8 is out. It comes with improved hardware support, some improvements to the OSPF daemon, some new RAID management tools, among many others. Even if you plan on installing via FTP, why not order a CD copy, tshirt, or poster as well? "

Eh-Wire writes to tell us OpenBSD Journal is reporting that OpenBSD is officially ten-years-old today. After some confusion, it was decided that 10 years ago today marked the birth of OpenBSD when Theo de Raadt committed his makefile to CVS.

PrayingWolf writes "The lyrics for the OpenBSD 3.8 song "Hackers of the Lost RAID" have been released.
As always, remember to read the lefthand column for what the song is related to - this time it's about (you guessed it) RAID drivers..."

jpkunst writes "As reported on undeadly.org: an interesting interview with OpenBSD developer Marc Espie about the internals of and the philosophy behind the OpenBSD ports and packages system."

pgilman writes "It's official: OpenBSD 3.7 has been released. There are oodles of new features, including tons of new and improved wireless drivers (covered here previously), new ports for the Sharp Zaurus and SGI, improvements to OpenSSH, OpenBGPD, OpenNTPD, CARP, PF, a new OSPF daemon, new functionality for the already-excellent ports & packages system, and lots more. As always, please support the project if you can by buying CDs and t-shirts, or grab the goodness from your local mirror."

pgilman writes "It's official: OpenBSD 3.7 has been released. There are oodles of new features, including tons of new and improved wireless drivers (covered here previously), new ports for the Sharp Zaurus and SGI, improvements to OpenSSH, OpenBGPD, OpenNTPD, CARP, PF, a new OSPF daemon, new functionality for the already-excellent ports & packages system, and lots more. As always, please support the project if you can by buying CDs and t-shirts, or grab the goodness from your local mirror."

pgilman writes "It's official: OpenBSD 3.7 has been released. There are oodles of new features, including tons of new and improved wireless drivers (covered here previously), new ports for the Sharp Zaurus and SGI, improvements to OpenSSH, OpenBGPD, OpenNTPD, CARP, PF, a new OSPF daemon, new functionality for the already-excellent ports & packages system, and lots more. As always, please support the project if you can by buying CDs and t-shirts, or grab the goodness from your local mirror."

pgilman writes "It's official: OpenBSD 3.7 has been released. There are oodles of new features, including tons of new and improved wireless drivers (covered here previously), new ports for the Sharp Zaurus and SGI, improvements to OpenSSH, OpenBGPD, OpenNTPD, CARP, PF, a new OSPF daemon, new functionality for the already-excellent ports & packages system, and lots more. As always, please support the project if you can by buying CDs and t-shirts, or grab the goodness from your local mirror."

Eh-Wire writes "Theo has announced the release of the lyrics to the OpenBSD 3.7 song "The Wizard of OS". Theo writes in the announcement, "Please be sure read the commentary I have written next to the lyrics of the song. The artwork and lyrics for each of our releases relate to something big we have been dealing with over the last 6 months of the release -- our fight to get programming documentation and redistributable firmwares.""

Sam writes "The OpenBSD cvs server has a failing RAID array. Users of the projects on that array: OpenBSD, OpenSSH, OpenBGPD, OpenNTPD, and the upcoming OpenCVS are all invited to contribute towards the $12,500 cost of a suitably high-spec replacement. OpenBSD Journal article, and original request (thread)."

UnderScan writes "As seen on openssh-unix-announce: 'OpenSSH 4.0 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. We would like to thank the OpenSSH community for their continued support to the project, especially those who contributed source and bought T-shirts or posters.' See the changelog or the freshmeat.net changes summary for more details."

thequbemaster writes "The OpenBSD project, responsible for OpenSSH, OpenBGPD, and OpenNTPD, has created OpenCVS, a BSD licensed implementation of CVS client and server. From the site: 'It aims to be as compatible as possible with other CVS implementations, except when particular features reduce the overall security of the system. The OpenCVS project was started after discussions regarding the latest GNU CVS vulnerabilities that came out. Although CVS is widely used, its development has been mostly stagnant in the last years and many security issues have popped up, both in the implementation and in the mechanisms.' No releases are available yet. The README in the OpenCVS CVS repository states that the server is not ready yet, but looks like the client is usable." Update: 12/15 20:18 GMT by T : This project was mentioned briefly the other day, too.

thequbemaster writes "The OpenBSD project, responsible for OpenSSH, OpenBGPD, and OpenNTPD, has created OpenCVS, a BSD licensed implementation of CVS client and server. From the site: 'It aims to be as compatible as possible with other CVS implementations, except when particular features reduce the overall security of the system. The OpenCVS project was started after discussions regarding the latest GNU CVS vulnerabilities that came out. Although CVS is widely used, its development has been mostly stagnant in the last years and many security issues have popped up, both in the implementation and in the mechanisms.' No releases are available yet. The README in the OpenCVS CVS repository states that the server is not ready yet, but looks like the client is usable." Update: 12/15 20:18 GMT by T : This project was mentioned briefly the other day, too.

thequbemaster writes "The OpenBSD project, responsible for OpenSSH, OpenBGPD, and OpenNTPD, has created OpenCVS, a BSD licensed implementation of CVS client and server. From the site: 'It aims to be as compatible as possible with other CVS implementations, except when particular features reduce the overall security of the system. The OpenCVS project was started after discussions regarding the latest GNU CVS vulnerabilities that came out. Although CVS is widely used, its development has been mostly stagnant in the last years and many security issues have popped up, both in the implementation and in the mechanisms.' No releases are available yet. The README in the OpenCVS CVS repository states that the server is not ready yet, but looks like the client is usable." Update: 12/15 20:18 GMT by T : This project was mentioned briefly the other day, too.

Jeferey Bakins writes "In an effort, by Jean-Francois Brousseau (jfb@openbsd.org), to rid the OpenBSD CVS tree of GPL'ed licensed code, OpenCVS is now officially part of the OpenBSD project. For more details, see the OpenCVS homepage; http://www.openbsd.org/opencvs/"

44BSD writes "As noted at undeadly, the OpenBSD Project has announced an BSD-licensed implementation of the Border Gateway Protocol, BGP. Project details, design goals, documentation, and more are at the project web site. BGP is documented in RFC 1771. Lucky for Cisco, BSD is dying..."

grey writes "The Age has a story up about how the OpenBSD community has been contacting wireless chipset vendors to license their firmware binaries under terms that would allow for free redistribution. This is important, because even with existing GPL and BSD licensed drivers for these chipsets, the drivers don't function without first loading onerously licensed firmware binaries which can only be acquired from the vendor, not shipped by an OSS provider." (Read more, below.)

grey continues "This means that currently, these wireless NIC's don't work out of the box on OSS install or boot media. In just the first 4 days, hundreds of users wrote and called vendors, and already 2 vendors freed their firmware, and several others are in discussions with Theo de Raadt about taking similar steps.

We need your help! TI has still not responded at all. You can call or write to Bill Carney, - Director of Business Development of TI's WNBU to add to the approximately 400 well written messages the OpenBSD community has already sent to TI. We hope that you'll help, and if you do please keep messages polite and to the point. Please remember, we are not asking for the vendors to open source their firmware under the GPL or BSD licenses (though we wouldn't complain if they did). Instead, ask if they would simply email Theo to open discussions on licensing their firmware binaries under terms that allow for free redistribution. If changed, these firmware binaries would then be able to be included with OSS software and function with existing BSD and GPL licensed device drivers from the start.

You can find other contacts for target vendors here, here, here, and here, and it can't hurt to sign this petition. These changes aide all OSS efforts, not just OpenBSD. As you can see from the OpenBSD community's results already, contacting these vendors really does make a difference. We're sure that with the numbers of OSS minded readers in the Slashdot community you can really help with the heavy lifting where fewer numbers of BSD users have already begun to succeed, and all Open Source Software users will benefit."

grey writes "The Age has a story up about how the OpenBSD community has been contacting wireless chipset vendors to license their firmware binaries under terms that would allow for free redistribution. This is important, because even with existing GPL and BSD licensed drivers for these chipsets, the drivers don't function without first loading onerously licensed firmware binaries which can only be acquired from the vendor, not shipped by an OSS provider." (Read more, below.)

grey continues "This means that currently, these wireless NIC's don't work out of the box on OSS install or boot media. In just the first 4 days, hundreds of users wrote and called vendors, and already 2 vendors freed their firmware, and several others are in discussions with Theo de Raadt about taking similar steps.

We need your help! TI has still not responded at all. You can call or write to Bill Carney, - Director of Business Development of TI's WNBU to add to the approximately 400 well written messages the OpenBSD community has already sent to TI. We hope that you'll help, and if you do please keep messages polite and to the point. Please remember, we are not asking for the vendors to open source their firmware under the GPL or BSD licenses (though we wouldn't complain if they did). Instead, ask if they would simply email Theo to open discussions on licensing their firmware binaries under terms that allow for free redistribution. If changed, these firmware binaries would then be able to be included with OSS software and function with existing BSD and GPL licensed device drivers from the start.

You can find other contacts for target vendors here, here, here, and here, and it can't hurt to sign this petition. These changes aide all OSS efforts, not just OpenBSD. As you can see from the OpenBSD community's results already, contacting these vendors really does make a difference. We're sure that with the numbers of OSS minded readers in the Slashdot community you can really help with the heavy lifting where fewer numbers of BSD users have already begun to succeed, and all Open Source Software users will benefit."

grey writes "The Age has a story up about how the OpenBSD community has been contacting wireless chipset vendors to license their firmware binaries under terms that would allow for free redistribution. This is important, because even with existing GPL and BSD licensed drivers for these chipsets, the drivers don't function without first loading onerously licensed firmware binaries which can only be acquired from the vendor, not shipped by an OSS provider." (Read more, below.)

grey continues "This means that currently, these wireless NIC's don't work out of the box on OSS install or boot media. In just the first 4 days, hundreds of users wrote and called vendors, and already 2 vendors freed their firmware, and several others are in discussions with Theo de Raadt about taking similar steps.

We need your help! TI has still not responded at all. You can call or write to Bill Carney, - Director of Business Development of TI's WNBU to add to the approximately 400 well written messages the OpenBSD community has already sent to TI. We hope that you'll help, and if you do please keep messages polite and to the point. Please remember, we are not asking for the vendors to open source their firmware under the GPL or BSD licenses (though we wouldn't complain if they did). Instead, ask if they would simply email Theo to open discussions on licensing their firmware binaries under terms that allow for free redistribution. If changed, these firmware binaries would then be able to be included with OSS software and function with existing BSD and GPL licensed device drivers from the start.

You can find other contacts for target vendors here, here, here, and here, and it can't hurt to sign this petition. These changes aide all OSS efforts, not just OpenBSD. As you can see from the OpenBSD community's results already, contacting these vendors really does make a difference. We're sure that with the numbers of OSS minded readers in the Slashdot community you can really help with the heavy lifting where fewer numbers of BSD users have already begun to succeed, and all Open Source Software users will benefit."

An anonymous reader writes "There is a mounting excitement for the upcoming OpenBSD 3.6 release, as it is the first release that supports multiprocessor systems. To celebrate the event, ONLamp.com published an interview with several developers to discuss new features, tools, and future plans."

NekkidBob writes "OpenBSD, my personal favorite *BSD, turns 9 years old today. And with only 1 remote hole in the default install, I'd say that is a pretty good acheivement. The first commit was at 16:36 MST on Saturday, October 14, 1995. Happy birthday OpenBSD!"

Puff writes "The song for the upcoming release of OpenBSD 3.6 is now official. Available as mp3 and ogg."

Puff writes "The song for the upcoming release of OpenBSD 3.6 is now official. Available as mp3 and ogg."

Puff writes "The song for the upcoming release of OpenBSD 3.6 is now official. Available as mp3 and ogg."

Puff writes "The song for the upcoming release of OpenBSD 3.6 is now official. Available as mp3 and ogg."

Dr.Milius writes "Henning Brauer of the OpenBSD project recently made an interesting post to the openbsd-tech mailing list about how a mountain bike ride helped him relate two baffling bugs in their new BGP and NTP daemons. It turns out they were both off-by-one errors that were easy to fix but notoriously difficult to spot. Always great when the experts show us how it's done."

Dr.Milius writes "Henning Brauer of the OpenBSD project recently made an interesting post to the openbsd-tech mailing list about how a mountain bike ride helped him relate two baffling bugs in their new BGP and NTP daemons. It turns out they were both off-by-one errors that were easy to fix but notoriously difficult to spot. Always great when the experts show us how it's done."

*no comment* writes "Normally vulnerability reports on slashdot wouldn't make it because there are so many. This one however is for the normally very secure OpenBSD. Someone can crash an OpenBSD bridge using a newly discovered ICMP exploit. More can be read here. This shouldn't affect most people as this only affects people that use OBSD as a bridge."

GMan00 writes "A flurry of BSD UNIX-related (Berkeley Software Distribution) books have hit the bookstores during the recent past, and more are on the way. From books specific to Secure Architectures with OpenBSD in April 2004 and the reissue of The Design and Implementation of the BSD Operating System for FreeBSD 5.x (expected in August 2004), to Michael Lucas' series of BSD Books from NoStarch Press, print documentation is certainly available for those interested in learning about the free, open source UNIX system which powers operations such as Yahoo! portal and Sendmail.org website, Verio and Pair hosting, not to mention web server survey site Netcraft. Dru Lavigne's BSD Hacks (O'Reilly and Associates, May 2004), is the latest book in these releases, and is an enormously useful resource for system administrators and end-users alike." Read on for the rest of George's review. BSD Hacks author Dru Lavigne pages 427 publisher O'Reilly & Associates rating 10 reviewer George ISBN 0596006799 summary A great array of hacks you can perform on your BSD box, many applicable to all the BSDs, including FreeBSD, NetBSD, OpenBSD and Darwin/OS X.

Dru writes the BSD Basics column on O'Reilly & Associates' OnLamp. Her clarity and fluid style are perfect for those looking to understand aspects of the BSD operating systems. I have had some email communications with Dru about various New York City *BSD User Group-related activities, and managed to speak with her several times at BSDCan this past May.

Like most computer nerds, Dru has a sense of humor. Unlike most, however, she's actually funny.

BSD Hacks is the first book that is almost solely focused on hacks for sysadmins, without boring you with the details for basic operating system installation and configuration that has been so well documented elsewhere. BSD Hacks is not just for sysadmins, though. Intermediate and advanced BSD users will also find the book an excellent tool. For those who find difficulty in BSD installs and other fundamentals, on the other hand, it's best to start with the FreeBSD Handbook, the NetBSD Guide or the OpenBSD FAQ.

There's lots of good hacks buried in the various BSD books, around the internet in different HOWTOs and tutorials. But BSD hacking is the sole purpose of BSD Hacks; there's no need to browse through install screens and overviews of TCP/IP before getting to the heart of the matter.

With 100 listed hacks, multiplied by an impressive level of detailed angles for each, Dru provides an array that demands the placement of this book right in your server room, not in a pile of "must-read-at-some-distant-point-in-the-future" texts.

The majority of hacks are applicable to all the BSDs, including Darwin and OS X, although some are specific to one BSD or another.

This review obviously can't list every hack, although you would be smart to sit and work through the book yourself over a weekend or two. But it is possible to provide a good flavor of BSD Hacks in brief. O'Reilly and Associates does give a good glimpse on their Sample Hacks page, but let's do a quick work through ourselves.

The first chapter is called "Customizing the User Environment," and is probably best for end-users looking to go beyond their first steps. But it does include some useful hacks, such as "Use an Interactive Shell" that certainly fit well into the arsenal of any sysadmin, not to mention Hack #12 "Use Multiple Screens on One Terminal."

The second chapter, "Dealing with Files and Filesystems" also contains gems for both end-users and sysadmins. The use of mtree, which maps a directory hierarchy, is mentioned as a tool for recovery. Later on in chapter 6, Dru details its use for making a hacked data integrity checker, thus filling the role often played by products such as Tripwire.

Another great tool Dru covers in the second chapter is g4u, a free ghosting program that gives you the ability to perform quick restores over ftp. Ghosting a drive image is an incredibly useful tool, whether it's about replicating servers or doing a quick reinstall and configuration when a server fails in an emergency.

Chapter 3 is entitled "Boot and Login Environments." It gives some hacks that aren't just for basic system administration, but also some useful security ones including changing your /etc/passwd file to Blowfish encryption and utilizing OPIE for one-time passwords, which is built into FreeBSD.

"Backup Up" is the focus of Chapter 4. It includes some very creative methods of dealing with maintaining that necessity, and also includes an excellent primer on Bacula, which is increasingly gaining prominence as a cross-platform backup system.

Chapter 5 covers "Network Hacks," and continues on educating a sysadmin. Included in this chapter is the tcpdump program, a vital tool for watching traffic flowing by your network interfaces.

There's a strong security focus in Chapter 6, entitled "Securing the System." While security hacks are sprinkled generously throughout the book, this chapter works with firewalling with IPF and PF, in addition to covering SSH and Snort. It also includes the earlier mentioned 'intrusion detection-lite' approach with mtree.

Chapter 7, "Going Beyond the Basics" explores scripting, analyzing dreaded buffer overflows and more. Dru also includes a bit on "Creating a Trade Show Demo," not something you'd expect documented in print anywhere, but nevertheless quite useful for anyone working for the BSDs at a conference.

Dru continues with "Keeping Up-to-Date" in Chapter 8, which includes useful details on upgrading and downgrading your installed ports.

The final chapter is "Grokking BSD." "Grok," as Dru comments, refers to the science fiction writer Heinlein's Martian phrase for having a "thorough understanding." Dru covers creating your own manual pages, dealing with custom patches, playing with dictionaries and more.

Certainly there are no walls between each chapter, as many of the hacks could be shifted around. All the more reason to work your way through the book from beginning to end.

One useful addition for this book could have been somehow denoting which of the BSDs (in some cases, it's all of them) to which each listed hack can be applied. Certainly not all are available to Darwin and Apple's OS X. And certainly there's no point in making the OpenBSD /etc/passwd file encrypted in Blowfish, since that is its default.

While many of the hacks are found somewhere in the manual pages, on some useful website, buried in another book or in the minds of some developer somewhere, they're not necessarily in the annals of official documentation. But there's no single book or site that provides the depth and breadth that Dru provides. She managed to tap into the thoughts of dozens of developers and sysadmins around the world, greatly enhancing the variety of hacks in this book.

As a side note, the scope of BSD Hacks isn't limited to just the BSD family. Many of these are likely applicable to Linux and the other UNIX systems. But with recent, impressive increases in the BSD install base, there's a good chance that you can access a BSD box somewhere.

Whether you're a sysadmin managing hundreds of servers, or a power user ready to go beyond the obvious, BSD Hacks belongs next to your CRT.

You can purchase BSD Hacks from bn.com. Slashdot welcomes readers' book reviews. To see your own review here, carefully read the book review guidelines, then visit the submission page.

eeg3 writes "NewsForge has a review of OpenBSD 3.5. It encompasses a fair amount of information, more specifically it details security, cryptography, installation, and new features." While not afraid to point out OpenBSD's shortcomings as a desktop OS, it's still a good tour of possibly the most secure OS. NewsForge and Slashdot are both owned by OSDN.

eeg3 writes "NewsForge has a review of OpenBSD 3.5. It encompasses a fair amount of information, more specifically it details security, cryptography, installation, and new features." While not afraid to point out OpenBSD's shortcomings as a desktop OS, it's still a good tour of possibly the most secure OS. NewsForge and Slashdot are both owned by OSDN.

GMan00 writes "Daemon News' latest May EZine has been released online. This issue covers BSDCan which was held last weekend in Ottawa, Canada. As you'll see from the DN EZine, the conference was a great success, with some 170 developers, sysadmins and end-users from around the world. Some travelled as far away as Japan, the Ukraine and the Netherlands. Speakers included Jun-ichiro itojun Hagino of the IETF and a lead authority on IPv6 besides being the NetBSD Security Officer, Theo de Raadt of OpenBSD, Poul-Henning Kamp, the creator of the FreeBSD GEOM Disk i/o subsystem, and Robert Watson, the founder of the TrustedBSD Project. Dan Langille, the brain behind FreeBSDDiary and FreshPorts, organized the conference and is planning a repeat performance next May."

pgilman writes "The word just hit the announce@openbsd.org mailing list: "We are pleased to announce the official release of OpenBSD 3.5. We remain proud of OpenBSD's record of eight years with only a single remote hole in the default install. As in our previous releases, 3.5 provides significant improvements, including new features, in nearly all areas of the system" including security, hardware support, software ports, and lots more. Support the project if you can by ordering the cds, or grab it from the net (use a mirror!). Thanks to Theo and the whole team!"

pgilman writes "The word just hit the announce@openbsd.org mailing list: "We are pleased to announce the official release of OpenBSD 3.5. We remain proud of OpenBSD's record of eight years with only a single remote hole in the default install. As in our previous releases, 3.5 provides significant improvements, including new features, in nearly all areas of the system" including security, hardware support, software ports, and lots more. Support the project if you can by ordering the cds, or grab it from the net (use a mirror!). Thanks to Theo and the whole team!"

pgilman writes "The word just hit the announce@openbsd.org mailing list: "We are pleased to announce the official release of OpenBSD 3.5. We remain proud of OpenBSD's record of eight years with only a single remote hole in the default install. As in our previous releases, 3.5 provides significant improvements, including new features, in nearly all areas of the system" including security, hardware support, software ports, and lots more. Support the project if you can by ordering the cds, or grab it from the net (use a mirror!). Thanks to Theo and the whole team!"

pgilman writes "The word just hit the announce@openbsd.org mailing list: "We are pleased to announce the official release of OpenBSD 3.5. We remain proud of OpenBSD's record of eight years with only a single remote hole in the default install. As in our previous releases, 3.5 provides significant improvements, including new features, in nearly all areas of the system" including security, hardware support, software ports, and lots more. Support the project if you can by ordering the cds, or grab it from the net (use a mirror!). Thanks to Theo and the whole team!"

pgilman writes "The word just hit the announce@openbsd.org mailing list: "We are pleased to announce the official release of OpenBSD 3.5. We remain proud of OpenBSD's record of eight years with only a single remote hole in the default install. As in our previous releases, 3.5 provides significant improvements, including new features, in nearly all areas of the system" including security, hardware support, software ports, and lots more. Support the project if you can by ordering the cds, or grab it from the net (use a mirror!). Thanks to Theo and the whole team!"

pgilman writes "The word just hit the announce@openbsd.org mailing list: "We are pleased to announce the official release of OpenBSD 3.5. We remain proud of OpenBSD's record of eight years with only a single remote hole in the default install. As in our previous releases, 3.5 provides significant improvements, including new features, in nearly all areas of the system" including security, hardware support, software ports, and lots more. Support the project if you can by ordering the cds, or grab it from the net (use a mirror!). Thanks to Theo and the whole team!"

pgilman writes "The word just hit the announce@openbsd.org mailing list: "We are pleased to announce the official release of OpenBSD 3.5. We remain proud of OpenBSD's record of eight years with only a single remote hole in the default install. As in our previous releases, 3.5 provides significant improvements, including new features, in nearly all areas of the system" including security, hardware support, software ports, and lots more. Support the project if you can by ordering the cds, or grab it from the net (use a mirror!). Thanks to Theo and the whole team!"

Daniel Hartmeier writes "OpenBSD developer Ryan McBride explains the new firewall redundancy features in the upcoming OpenBSD 3.5 release in his article Firewall Failover with pfsync and CARP. CARP (Common Address Redundancy Protocol) is a free alternative to the patent-encumbered VRRP, responsible for electing masters in a firewall cluster, while pfsync syncronizes packet filter state information among nodes. The combination allows to replace single-point-of-failure firewalls with clusters of two (or more) nodes, which continue to filter ongoing and new connections when nodes fail. Additional features like arpbalance allow one to share a single IP address for multiple servers, transparently balancing load among them, and adapting to servers failing. Pre-order for OpenBSD 3.5 has started, CDs will ship May 1st."

Daniel Hartmeier writes "OpenBSD developer Ryan McBride explains the new firewall redundancy features in the upcoming OpenBSD 3.5 release in his article Firewall Failover with pfsync and CARP. CARP (Common Address Redundancy Protocol) is a free alternative to the patent-encumbered VRRP, responsible for electing masters in a firewall cluster, while pfsync syncronizes packet filter state information among nodes. The combination allows to replace single-point-of-failure firewalls with clusters of two (or more) nodes, which continue to filter ongoing and new connections when nodes fail. Additional features like arpbalance allow one to share a single IP address for multiple servers, transparently balancing load among them, and adapting to servers failing. Pre-order for OpenBSD 3.5 has started, CDs will ship May 1st."

Ash'aman writes "The OpenBSD crew have just posted lyrics and illustrations for the upcoming release of OpenBSD 3.5. Included is a hillarious parody of the Monty Python 'cat license' sketch with respect to their battle against software patents over redundancy protocols. Check it out here." The sketch is ready; the software is listed with a May 1st release date. As several Monty Python fans have pointed out, the original sketch is officially called the fish license sketch; the cat just comes earlier in the script.

Ash'aman writes "The OpenBSD crew have just posted lyrics and illustrations for the upcoming release of OpenBSD 3.5. Included is a hillarious parody of the Monty Python 'cat license' sketch with respect to their battle against software patents over redundancy protocols. Check it out here." The sketch is ready; the software is listed with a May 1st release date. As several Monty Python fans have pointed out, the original sketch is officially called the fish license sketch; the cat just comes earlier in the script.

Ash'aman writes "The OpenBSD crew have just posted lyrics and illustrations for the upcoming release of OpenBSD 3.5. Included is a hillarious parody of the Monty Python 'cat license' sketch with respect to their battle against software patents over redundancy protocols. Check it out here." The sketch is ready; the software is listed with a May 1st release date. As several Monty Python fans have pointed out, the original sketch is officially called the fish license sketch; the cat just comes earlier in the script.

Rathumos writes "The network security world has been waiting patiently for a definitive study of internet worms and defenses against them. Defense and Detection Strategies against Internet Worms by Dr. Jose Nazario has arrived to fill that space with a clear and concise analysis of the current state of worm defense." Read on for the rest of Rathumos' review. Defense and Detection Strategies against Internet Worms author Jose Nazario pages 322 publisher Artech House rating 10 reviewer Duncan Lowne ISBN 1580535372 summary This book provides a solid approach toward detection and mitigation of worm-based attacks.

Publishing a book on a subject as dynamic as internet worms can never result in a complete volume. The near-weekly outbreaks of modified versions of old worms and completely new designs is enough to frustrate the efforts of even the most prolific anti-virus software developers, let alone those who try to provide an overview of their study.

Nevertheless, Nazario accomplishes a clear and concise summary of the state of worms today. Seeded by a paper ('The Future of Internet Worms', Nazario, Anderson, Connelly, Wash) written in 2001, Defense and Detection Strategies against Internet Worms encourages the reader to focus on the directions worm development might take in the future, with a specific view toward anticipation of, and prepartion for, future attacks.

The book begins with a discussion of the departure worms take from traditional computer virii. An outline of the benefits for the black-hat toward a worm-based attack, as well as a brief analysis of the threat model posed by worms, provide ample reason for the computer security professional to take the study of internet worms very seriously.

Beyond this introduction, the book is laid out in four major sections. The first introduces to the reader some background information crucial to the study of worms. The author discusses the history and taxonomy of past worm outbreaks, from their sci-fi origins (think John Brunner's Shockwave Rider) through modern-day outbreaks. A thorough analysis of various worms' traffic patterns is presented, with data broken down by infection rates, number of infected hosts, and number of sources probing specific subnets. Finally, the construction and lifecycle of worms are presented, with particular attention paid to the interaction between the worms' propagation techniques and the progression of their lifecycles.

The second section of the book (ch. 6 - 8) studies the trends exhibited by past worm outbreaks. Beginning with an examination of the processes and mechanisms of infection, it progresses on to a survey of the network topologies generated by a worm's distribution. Specific infection patterns are examined, along with case studies of worm outbreaks that have exhibited such patterns. Further, this section examines the common characteristics of vulnerable targets, from older UNIX and VMS mainframes through desktop systems onward to infrastructure equipment and embedded systems. A discussion of the payload transmission methods that have made recent worm attacks so devastatingly effective, and an explaination of why liberal use of a clue-hammer on users is not by itself enough to control and prevent further outbreaks, complement chapter nine's analysis and speculation of the future of internet worms.

Section three (ch. 9 - 11) focuses on worm detection strategies, and is more distinctly aimed at the already-overworked network security professional. Effective methods of detecting scans and analyzing a worm's scan engine are presented with a focus on timely and efficient protection from further infection. Monitoring techniques for quickly recognizing, analyzing and responding to worm outbreaks leads into a detailed description of well-placed honeypots and dark network monitors ("black holes"). Discussion of the (so-far) most effective method of worm detection, signature analysis, completes the section, and covers host-based and logfile signatures, along with a brief overview of analyzing logfiles using commonly available utilities.

The final section of the book (ch. 12 - 16), per the book's namesake, aims at defense strategies against worm outbreaks. Beginning with the obvious first steps which anyone reading the book ought to have implemented (firewalls, virus detection software, sandboxing, and patching-patching-patching), the section progresses into less widely used but equally important proxy-based defense methods, and continues on to cover slowing down infection rates and fighting back against existing worm networks. For the sake of thoroughness, an overview of the legal implications of attacking worm nodes receives its fair share of attention simply to alert the reader of the potential pitfalls of proactive defense.

Defense and Detection Strategies against Internet Worms is decidedly aimed at the experienced network security professional, but holds a much broader appeal than most technical books. With its thorough historical analysis of worm progression over the past thirty years, anyone with even a remote interest in the past, present or future of the only network security issues to consistently make headlines in the mainstream press will find this both an entertaining and enlightening read. Overall, it makes a valuable addition to any geek's bookshelf.

You can purchase Defense and Detection Strategies against Internet Worms from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

schnarff writes "Users of OpenBSD have been asking the Folding@Home team for a port of their distributed computing client since at least May of 2002; I've helped out by figuring out how to run F@H under Linux emulation (mirror of instructions). Note that this procedure should work for NetBSD as well with some minor modifications."

JigSaw writes "The GNU-Darwin Distribution is a free BSD operating system and a popular source of free software for Mac OS X and Darwin-x86 users, but it is also a platform for digital activism. Founder Michael L. Love wrote an editorial speaking about the roots, goals, problems and just about everything about GNU-Darwin. Free Software is at the core of GNU-Darwin and also anything political that has an impact on digital and even rights. Is this the first truly politically oriented BSD OS?" Nope.

tedu writes "We just couldn't wait another 2 days, so now you can enjoy OpenBSD 3.4 a little early and protect yourself from ghosts and goblins. More details at the OpenBSD website and official announcement. Remember to please use a mirror."