Domain: openbsd.org
Stories and comments across the archive that link to openbsd.org.
Stories · 286
-
OpenBSD's Common Address Redundancy Protocol
Jessie writes "OpenBSD just gained high availability functionality in the form of a new protocol named CARP, the Common Address Redundancy Protocol. This feature was a long time in the coming due to Cisco's patent on VRRP, requiring the development of something completely new and more secure. This article on KernelTrap offers details on OpenBSD's impressive new protocol, from how it works to how it got its name." -
The OpenBSD 3.4 Song: Theo Sings Back-up
shking writes "Theo has pre-released the OpenBSD 3.4 song. It was written, arranged & recorded by Ty Semaka and Jonathan Lewis of the Plaid Tongued Devils. You can find the new song at www.openbsd.org/lyrics.html. Enjoy." -
New Vulnerabilities in Portable OpenSSH
An anonymous reader writes "The OpenSSH team has uncovered multiple exploitable vulnerabilities in the days-old portable release of OpenSSH. That's right folks: time to patch *again*. 3.7.1p2 is now available. Instructions and mirror list here. Please note that this vulnerability only affects *portable* OpenSSH--so if you are running OpenBSD, you're safe. This vulnerability apparently has to do with PAM, so you can use the 'UsePam no' option in your config file. Info on the advisory here and here." -
BSDCon '03 Nearly Here (OpenBSD 3.4, Too)
robotdreams writes "Once again BSDCon showcases the BSD community's long history of innovative research, open exchange of ideas, and collaborative work. Tutorials this year feature: an intensive code walkthrough of the new FreeBSD 5.x release, debugging kernel problems on live systems, advanced BSD system and network security, and FreeBSD's new GEOM disk I/O subsystem." Since BSDCon runs from September 8th through 12th, you're probably either already going or out of luck ;) On the other hand, you're still early for OpenBSD 3.4, now taking pre-orders -- details below. An anonymous reader writes "Pre-orders for the OpenBSD project's latest release, 3.4, are now being taken. This release will ship around November 1st. Significant enhancements have been made in this release, including i386 switch to ELF executable format, further W^X improvements for i386, ld.so on ELF platforms now loads libraries in a random order for greater resistance to attacks, inclusion of a static bounds checker to the compiler for basic checks on functions which accept buffers and sizes, strcpy/strcat function audit to replace with safer strlcpy/strlcat, ProPolice stack protection in the kernel, further manual page cleanups, large number of bug fixes and optimizations to the packet filter (PF) including packet tagging, stateful TCP normalization, passive OS detection, SYN proxy, and adaptive state timeouts, and many other improvements to the rest of the system.
Order a CD from the OpenBSD store. Ordering a CD helps support the project, as a bonus you get cool stickers, artwork, and an audio track!"
The same reader sent links to more information on this release, including new features, and the changelog between 3.3 and 3.4.
-
Absolute OpenBSD
DrCarbonite (Jeff Martin) writes "I've used OpenBSD in the past, and benefitted from its extensive online documentation. Sometimes an off-line reference is useful (i.e. required), and Absolute OpenBSD fills this void." Read on for the rest of Martin's review, as well as a more critical one from Marius Aamodt Eriksen.
Absolute OpenBSD: UNIX for the Practical Paranoid
Author: Michael W. Lucas
Pages: 489
Publisher: No Starch Press
Rating: 8
Reviewer: Jeff Martin, Marius Aamodt Eriksen
ISBN: 1886411999
Summary: Well-written guide to administering OpenBSD for the intermediate to advanced user.
OpenBSD is not your average open source operating system, and consequently it does not have an average user community supporting it on the Internet. Absolute OpenBSD (AOB) by Michael W. Lucas, bills itself as "the definitive guide to OpenBSD." In addition to detailing the operating system (OS), Lucas does a wonderful job of illustrating and preparing new users for the different community surrounding OpenBSD.
A book like AOB is going to introduce many new users to OpenBSD, and it would be a disservice both to the existing community and the newcomers to not explain OpenBSD's culture. Thus, the first two chapters discuss the OpenBSD philosophy and also show the user how to become self-supporting when it is time to solve problems rather than flooding the mailing lists with easily answerable questions.
Critics may feel OpenBSD's rugged individualism is an indictment of its usability, but then they may be better served by a different OS.
The next few chapters focus on the installation of OpenBSD. AOB covers both dedicated and multi-boot installations. Most serious users will likely choose the dedicated installation, however Lucas points out that may not be an option for someone looking to sample OpenBSD, or for those users who wish to share a common data partition. Both types are covered, allowing the reader to decide which is most appropriate. Important installation caveats are also mentioned, such as OpenBSD's requirement that its root partition must be completely contained within the first 8 gigabytes of the hard drive. Although OpenBSD supports several different hardware platforms, when specifics are required Lucas focuses on the i386 platform. Lucas does a good job explaining the concepts, so users of non-Intel hardware should have minimal difficulty installing on their particular hardware.
Following the installation discussion, Chapter 6 covers OpenBSD's booting process and its /etc/rc scripts. Lucas' explanations go beyond simply itemizing these different aspects, choosing instead to provide the reader with the reasons a certain option may be needed. Expert users will already know when they wish to boot in single-user mode, but others will appreciate the discussion on how to boot alternate kernels, run fsck, and boot from alternate hard disks.
OpenBSD is promoted as a secure OS, and AOB is diligent in covering this aspect. File flags and securelevels are introduced and discussed. Lucas does a good job explaining what they do and what acceptable scenarios would be for their application. OpenBSD's systrace utility is explained in detail. Writing systrace policies, generating them using the policy-generation tool, and obtaining predefined policies from the Internet is described in depth.
OpenBSD administrative information receives attention as well. Chapters 11 and 12 cover configuring and building custom kernels. The treatment in Chapter 13 of compiling ports and installing packages is very helpful-- and in fact necessary for those looking to install essential utilities such as fortune.
OpenBSD's ports system was originally adapted from that in FreeBSD, and users of that OS may see some similarities. Users from a different background will appreciate the primer.
Three chapters of AOB are devoted to OpenBSD's in-kernel packet filter, pf. This is arguably one of OpenBSD's best features, and Lucas suitably spends a lot of time discussing it. Chapter 17 covers basic pf usage, such as explaining pf's configuration file, tables, and macros. In addition, Lucas takes a timeout to also explain pf's suitability for particular tasks. Chapter 18 describes advanced applications of pf, including network address translation, load balancing, and bandwidth management. Chapter 19 concludes with managing live pf execution. Correctly managing a live firewall on-the-fly is important for sites requiring high uptime, and Lucas does well in explaining the various methods available for logging, viewing statistics, and rule management. Wrapping up, AOB also describes how to configure authenticated pf access by authorized users. "pf" has a lot of power, and spreading the material over 3 chapters worked well in presenting the reader with information at a manageable rate.
One of the strengths of an OS-specific book such as AOB is that the material covered benefits from a more focused approach. If it doesn't apply to OpenBSD, it doesn't need to be covered. Lucas has an experienced background in system administration, and this experience shines through well in the material. His remarks about the dangers of a system with open access via RPC seem especially prophetic in light of current events -- and not mindless ranting.
Overall, AOB is a well-written book that hits its market squarely on target. Those new to OpenBSD will appreciate the comprehensive approach that takes them from concept to functional execution. Existing and advanced users will benefit from the discussion of OpenBSD-specific topics such as the security features and pf administration. Lucas does well in his attempt to increase the number of those who would be practical paranoids.
Marius's turn: Reviewer Marius Aamodt Eriksen also liked some aspects of Absolute OpenBSD, but found more faults in it; his critique may help you decide whether this book is for you (and he disagrees about the match between the book and its audience). He writes: The book covers a very broad area, but it lacks depth in some parts. Perhaps my biggest problem with Absolute OpenBSD is that it should have focused more on the features that make OpenBSD unique: its security features. For example, it does not cover IPsec. Many of the various security features of OpenBSD are mentioned, but few are covered in much detail.
Michael Lucas' writing style is quite relaxed and informal. However, this often gets in the way of content. The numerous rants about how Windows security sucks simply get irritating. It is distracting from the focus of the book and simply unnecessary. Also, the tangents on TCP/IP and various other underlying technologies likewise deviate from the focus of the book. Lucas also does not hesitate to express personal opinions and views on a range of subjects. Though I typically have no problems with authors expressing their views, Lucas' tend to be unfounded and not well argued; they too are simply distracting. At times, it almost felt like Lucas was trying to put down less experienced people, teaching them lessons they "should know." I cannot imagine that this is what the typical audience of the book are looking for.
Absolute OpenBSD makes little effort to cover the various architectures that are supported by OpenBSD. The install section only covers i386; though probably not an issue for most users, it would be nice to have a more complete reference.
Otherwise, I would consider the contents of the book to be quite complete, and most definitely sufficient to provide a good introduction to OpenBSD and many of its neat features. An entire chapter is devoted to how to find more help, covering the various documentation, man pages and mailing lists. This is an excellent idea, and makes up for most of the (content) shortcomings of the book.
The PF (Packet Filter) section was very good; it covered a very broad set of features that PF provides, while carrying sufficient technical detail. The examples were very illustrative and appropriate for the text.
I spotted a few technical errors while reading the book. The editing also seems a bit rushed: in addition to the technical errors, there are a number of typos. Unfortunately, there isn't an errata section on the book's website; I strongly recommend Lucas and his publisher make one available.
My biggest problem with Absolute OpenBSD is that it is not true to its audience. I imagine that the audience is one which would like to know how to do something in OpenBSD without being told how "real system administrators" do it, or how much Microsoft sucks. My recommendation to Lucas would be to write Absolute System Administration and leave it out of Absolute OpenBSD. I do not mean to sound harsh, merely critical. The book has very many good sides, and by many counts is an excellent reference for people looking to migrate to OpenBSD. I would not have any problems recommending it to anyone who wanted to migrate to OpenBSD or see what it's about -- just be wary of the distractions.
You can purchase Absolute OpenBSD from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
OpenBSD Hackathon Summary
Dan writes "Daniel Hartmeier says that the OpenBSD hackathon is over and provides a summary of the pf related work that was done in Calgary this year. Accomplishments include packet tagging, TCP scrubbing and normalization extensions, SYN proxy, adaptive timeouts and minor bug fixes. Henning Brauer points out that the binary format of pf logs has changed to log additional items." -
OpenBSD 3.3 Released
An anonymous reader writes "OpenBSD 3.3 was released today, with many new features, including integration of the ProPolice stack protection technology, W^X ('write xor X') on sparc, alpha and hppa, privilege separated XFree86 and an incredible number of enhancements and stability improvements to the packet filter, pf, including address pools for reverse NAT/load balancing, ALTQ integration for network conditioning, and anchors/tables/spamd for spam tar-pitting. Information on the release can be found here and download sites are listed here. (Also, here's a handy way to speed up your DSL connection - prioritizing empty TCP ACKs and ToS low-delay traffic with OpenBSD 3.3's pf.)" -
OpenBSD's Red Hat Compatibility Package Updated
Dan writes "Jason Ish has updated the redhat/base OpenBSD port from Red Hat 6.2 to Red Hat 8.0. The email note is a few days old, but the port seems to have been committed yesterday. So far he has tested with Opera and Netscape. If you run any Linux apps on OpenBSD, you are encouraged to test these commits and provide feedback. (Several people have reported success running Opera 6.12, Opera7 with some tweaks, and Netscape)." -
Clean Needles for Hackers
scubacuda writes "Jon Lasser of the Register opines that we should "give up on the notion that computer security can be improved by putting more people in prison." He argues that a "harm reduction" approach (similar to that of "clean needle" campaign in the War on Drugs) might be more productive. If we, say, wrote in safer programming languages, used tools like Immunix's StackGuard, ProPolice, or OpenBSD 3.3, chroot and UML, we could reduce the damage a malicious hacker might do without damaging our civil liberties." -
More on OpenBSD Funding Saga
Mortimer.CA writes "The OpenBSD Journal has an article with more info on cutting of the OpenBSD funding. It seems that the funding was partially cut due to worries about "capable nation-states". Also Mark West asked the hotel to cancel all reservations for the upcoming "hackathon" -- even though many of the arriving developers have non-refundable tickets, and would have no place to stay. Jonathan Smith also probably had something to do with the decision. If you would like to voice your opinion to these individuals, please be clear, extremely professional and courteous. Flaming and being childish will only hurt OSS. Also, please think about donating or ordering something to help the project along." DARPA, which initially denied that it was cancelling the grant, has now admitted it. Although de Raadt seems to be upset with how his UPenn contacts are handling the cancellation, it's DARPA that is ultimately at fault, not the UPenn people. -
The Tiger Security Tool Has Been Resurrected
javifs writes "Do you remember TAMU's security tools? If so you might remember a tool that was developed when COPS, SATAN, and ISS were (back in 1994): Tiger. You might think it was dead, well it's not. Tiger has resurrected at Savannah and even has a new webpage and logo! (cool, isn't it?) Tiger has some interesting features that merit its resurrection, including a modular design that is easy to expand, and its double edge: an audit tool and a host intrusion detection system tool. Free Software intrusion detection is currently going many ways, however, from network IDS (with Snort), to the kernel (LIDS, or SNARE for Linux and Systrace for OpenBSD, for example), not mentioning file integrity checkers (many of these: aide, integrit, samhain, tripwire...) and logcheckers (even more of these, check Counterpane's Log Analysis pages). Also, free software Linux/*BSD distributions have a myriad of security tools to do local security checks: Mandrake's msec, OpenBSD's /etc/security, SUSE's Seccheck... maybe Tiger could substitute them at some point in the future. Do you think Tiger has a place in the toolkit of the security professional? (I might be biased, though, after all I'm the upstream developer for Tiger now :-) ) In any case, have you downloaded and tested the latest release candidate for Tiger version 3.2?" -
OpenBSD 3.1 End Of Life
Dan writes "OpenBSD team's Miod Vallat says that due to the upcoming release of OpenBSD 3.3, the 3.1-STABLE branch will have no more fixes committed to its branch after June 1, 2003 and should therefore be considered out of regular maintenance." -
DARPA Grant Cancelled for OpenBSD and U-Penn?
Starrider writes "It seems the DARPA grant for OpenBSD and for University of Pennsylvania has been cancelled (?) immediately and without warning. See the full story in Theo's email and on deadly.org." Theo is left to only speculate why funding was suddenly pulled. One also has to wonder what this means for the University of Pennsylvania, since they were also in for a piece of the pie. -
OpenBSD 3.3 Song
flynn_nrg writes "Even although version 3.3 is not out yet, users can already enjoy the new 3.3 song: "Puff the Barbarian". Like other Barbarians before him, Puff has had to face some pretty crazy challenges. This song is an allegory of the recent difficulties we went through dealing with Sun, who refused our request for documentation about their UltraSPARC III processors. We want documentation, because these are the fastest processors with a per-page eXecute bit in the MMU, needed to fully support our new W^X security feature. In the meantime, the AMD Hammer has come onto the scene, and this processor supports an eXecute bit in 64-bit mode. And it is going to be faster... Both mp3 and ogg versions available." -
Secure Services on Virtual Machines?
Matt2000 asks: "With the growing number of package updates that cross my inbox for my redhat systems, and with the vast majority being buffer overflows, or overflows of some kind, doesn't it strike anyone that there must be a better way? Instead of spending time auditing every piece of software for mechanically preventable bugs, why isn't there a common, audited virtual machine that people can build net facing services on? I would guess that sshd, httpd, and sendmail would be good candidates to start, as they are the most common and the most exploited. And please don't freak out performance junkies, if you run a website that serves 70,000 people a second and need to run native apache, then do so. Just accept that it will be less secure." -
OpenBSD Lands $2 Million In DARPA Money
An anonymous reader writes "Canada's National Post is reporting today that DARPA is (indirectly) funding $2-million (US) to Theo de Raadt of OpenBSD. The article is available here." Update: 04/07 21:01 GMT by T : As several readers have pointed out, this blurb should credit instead The Globe and Mail rather than the National Post. -
Using OpenBSD's chrooted Apache
BSD Forums writes "OpenBSD recently changed the mode of operation for the Apache webserver from the normal non-chrooted operation to chrooted operation. This enhances the security of the server on which Apache is run but it imposes a few challenges to the system administrator. In this article Marc Balmer discusses selected aspects of running a chrooted HTTP daemon and present strategies on how to set up a chrooted environment for more complex applications like database access or using CGI-scripts." -
OpenSSH 3.6 Released
petabyte writes "Now that RedHat 9 is out, here's something for the rest of us. OpenSSH 3.6 has been released today. It has several new features including a progress meter for sftp and bandwidth limiting for scp. I haven't installed it yet but I'm sure the packages will be hitting mirrors soon enough. There's even a new T-shirt." -
OpenBSD 3.3 Pre-Orders Available
CoryBenny writes "The OpenBSD project has just started taking pre-orders for its 3.3 release. This release contains the new pro-police stack protection and lots of other new features! The OpenBSD Journal are running a story here. Pre-orders can be made here and just check out their cool new t-shirts!!" -
OpenBSD Books On The Way
*no comment* writes "Well with all the advancements in PF and secure code wouldn't it be nice if someone would write a book on OpenBSD??? Oh wait, someone is. A guy named Jacek Artymiak is doing just that. The OpenBSD Gazetteer is scheduled for release shortly after the release of what may be the best release ever of OpenBSD (IMHO). Vastly improved PF, ALTQ, and BIND 9 is now default, not to mention procop stack protection. Out of the box it's ready to go as a firewalling packet-filtering bandwidth-throttling machine. A thread had started to pick up over at deadly.org." -
Test OpenSSH 3.6 Snapshots
Dan writes "OpenBSD's Markus Friedl is requesting everyone to test the latest OpenSSH 3.6 nightly snapshots to help ensure a quality final release. The OpenSSH Portability Team takes the pure OpenSSH version and adds portability code so that OpenSSH can run on many other operating systems. Folks, download snapshots for your OS from one of these mirrors." -
Better Bandwidth Utilization
jtorin writes "Daniel Hartmeier (of OpenBSD fame) has written a short but interesting article which explains how to better utilize available bandwidth. In short it gives priority to TCP ACKs over other types of traffic, thereby making it possible to max both upload and download bandwidth simultaneously. Be sure to check out the nice graphs! Also note the article on OpenBSD Journal. OpenBSD 3.3 beta is now stable enough for daily use, so why not download a snapshot from one of the mirrors and try it out?" -
ISS Discovers A Remote Hole In Sendmail
randal writes "A security vulnerability in the Sendmail Mail Transfer Agent (MTA) has been identified by ISS. This bug can give an attacker the ability to gain remote root access to the targeted system. There is no known exploit code of this vulnerability in the wild at this time, but everyone should upgrade immediately. This issue affects all versions since 5.79. Open Source sendmail users can get source for the newest version (8.12.8) as well as patches for 8.9, 8.11, and 8.12 from sendmail.org. Commercial Sendmail customers can find patches at sendmail.com/security. Most major OS vendors will be releasing patches immediately." Update: 03/03 19:23 GMT by T : Reader Patchlevel points out that RedHat and OpenBSD have already issued patches. Update: 03/03 20:45 GMT by T : Reader Claude Meyer links to an update from SuSE, too. Update: 03/03 22:52 GMT by T : djcatnip points out that Apple has released a software update to patch OpenSSL and Sendmail for Mac OS X 10.2.4, and the Slackware site says they have updated to 8.12.8 as well. -
MicroBSD Is No More
TrumpetPower! writes "Recently there's been quite a row in the OpenBSD community over copyright infringement by the OpenBSD spinoff, MicroBSD. Many parts of MicroBSD would seem to be a wholesale search-n-replace of the two names...including copyright notices. As a result, MicroBSD has shut down. It's worth noting that, as of this story submission, the MicroBSD Web site is still up and running with no special notices." -
OpenBSD SMP In The Works
Cajal writes "Four students at the University of Waterloo are working to add SMP support to OpenBSD as part of the Spinlocks project. More information is available in a story at the OpenBSD Journal's site. They expect to have an initial working MP kernel in January." -
Sun vs. OpenBSD?
An anonymous reader writes "CNet has an article up about OpenBSD trying to get documentation for Sun's UltraSparc-III processor. Basically Sun is giving them a bit of run around.... There is some documentation available for the processor, but not enough to get things to boot." -
OpenBSD Requests UltraSPARC III Documentation
An anonymous submitter writes "OpenBSD wants to run on all hardware. They've asked Sun for documentation on the UltraSPARC III processors over and over, but been stonewalled. Theo recently asked users to talk to Sun about this issue. A fairly complete thread archive can be found here. The real kicker is that Sun has released this documentation through an NDA to Linux developers..." -
OpenBSD 3.2 Song Now Available
Dan writes "Todd Miller says that the OpenBSD 3.2 song is now available via ftp. The OpenBSD 3.2 song lyrics are also available." -
OpenBSD 3.2 Available
fredrikv writes "Right on time, the files defining OpenBSD 3.2 have moved away from "snapshots" to the 3.2 directory of the OpenBSD mirrors. It is well known as the world's most secure operating system and now sports chroot'd Apache, fewer suid binaries, cool pictures for xdm-logins, a brilliant "antispoof" packet filtering rule and as usual includes lots of small updates and fixes. The files are there. What are you waiting for?" -
OpenBSD 3.2 Readies For Release, pf Matures
An anonymous reader writes "Just over a year ago, OpenBSD creator Theo de Raadt ripped ipfilter out of the OpenBSD code leaving "the world's most secure OS" temporarily without a packet filter. Here's an interesting interview with Daniel Hartmeier, author of pf, the stateful packet filter developed as a replacement. Now just over a year old, it sounds like pf has already become a serious contender in the world of stateful packet filtering. This interview is of particular relevance with OpenBSD 3.2 to be released on Friday, 11/1." -
OpenBSD Gains Privilege Elevation
ocipio writes "OpenBSD's systrace now has privilege elevation support. This means binaries no longer need to be suid or sgid any longer. Applications can be executed completely unprivileged. Systrace raises the privileges for a single system call depending on the configured policy." -
OpenBSD 3.2 Pre-Release
Noryungi writes "Yep, OpenBSD 3.2 is now officially in pre-release, and can be pre-ordered from the openbsd.org web site as well. Another very, very wacky design for the CD as well... Is Theo de Raadt a fan of James Bond?" -
End Of OpenBSD 3.0-STABLE Branch - Upgrade To 3.2
jukal writes "From here: "Hello folks, Due to the upcoming release of OpenBSD 3.2, the 3.0-STABLE branch will be out of regular maintenance starting December 1st. There will be NO MORE fixes committed to this branch after this day. People relying on 3.0-STABLE (or older releases even) are strongly advised to upgrade to a more recent release (preferably 3.2 as it becomes available) as soon as possible. Thanks for reading, Miod" Download from your preferred FTP mirror." -
Slashback: Encumbrance, Silence, Internalization
Slashback with two different updates on the donation by Sun of elliptic-curve cryptographic techniques to the OpenSSL project, the state of Microsoftization of the U.S. Department of the Interior, and the strange outcome of Batt vs. the Cage Trust. Read on below for the details.
Different folks, different contributions Dr. Sheueling Chang-Shantz writes:
"Hello, I am the lead researcher/developer of the ECC project at Sun Microsystems Laboratories. I appreciate very much the news you posted on Slashdot regarding 'OpenSSL Gets Cryptography Gift From Sun.'
However, your wording "Sun Microsystems has donated ... developed by Whitfield Diffie ..." seems to be causing some confusion on Slashdot forum. It gave the wrong interpretation that Whit has invented ECC. Sun is definitely making no attempt to claim that Whitfield Diffie has invented the Elliptic Curve Cryptosystem. Technically, neither has Whitfield Diffie developed the ECC technology that Sun has donated to the OpenSSL project recently.
I would appreciate it if you could correct the news before too late.
For clarification, Elliptic curve cryptography was independently invented by Neal Koblitz, Professor of Mathematics at the University of Washington and Victor Miller who was then at IBM.
Whitfield Diffie is Sun's chief security officer who co-invented Diffie-Hellman public-key cryptography."
We now go north of the border ... And further on the topic of that donation by Sun, friscolr writes "In a recent post on misc@, OpenBSD project leader Theo de Raadt states...
OpenSSL is becoming a non-free software project, because the code from Sun contains licenses which invoke patent litigation; the licence on the new code basically builds a contract that says "if you use this code, you cannot sue Sun".
He goes on to say, 'once again, i think it is time to fork OpenSSL.' Thank you, Theo, for always making sure we will have 100% free software at our disposal and for standing by your stated goals."
[Headline redacted] Dotnaught writes "The question of whether British composer Mike Batt's "A Minute's Silence" on the "Classical Graffiti" CD (by The Planets) violated the copyright of John Cage's silent composition "4'33"" has been resolved in an out-of-court settlement. Batt reportedly paid the John Cage Trust an "adequate sum" (whatever that is). On his site, Batt writes, 'We have now settled the matter of my artless plagiarism of John Cage's silence, by his publishers caving in and us winning! Why didn't I think of that before! We could have saved a lot of time and buggering about, although I must say, the struggle was one of the most amusing disputes I've ever, er, disputed.' Batt may yet have the last laugh. According to the New Yorker, Batt has been busy copyrighting chunks of silence of various lengths other than the four minutes, thirty-three seconds of silence owned by Cage."
Hey, does this guy really work for the government? In response to broadly worded news that the U.S. Department of the Interior was switching to an all-Microsoft computing infrastructure, security architect (and oftc.net honcho) D. Clyde Williamson fired off a well-phrased mail to Hord Tipton, Acting Chief Information Officer for the Department of the Interior, asking for clarification, and urging that the DOI consider advantages of not tying themselves completely to proprietary systems. Tipton's response (posted with his permission) is informative:
"Thanks for your views on the DOI's attempts to standardize operating systems. Whereas it is true we are moving towards enterprise approaches to desktops and operating systems, there will be as you suggest a heterogenous mix at the server level. We have not decided at this point to be 100% Microsoft although that discussion has been entertained. There are certain risks and efficiencies that must be considered regardless of the path taken.
Our major concern is interoperability and our current situation is all over the map. Thus standardization is an important step forward for us.
Thanks again for your views.
Hord Tipton
Department of the Interior"
Why relying on a single vendor for such an important aspect of the modern workplace is still considered an "enterprise approach" I'm not sure, but it is certainly true at many companies.
-
OpenBSD Hackathon
A secretive reader contributes: "Once again, almost all of the OpenBSD developers got together for a full week of intensive coding. Pictures from the hackathon are available for people who want to see what the developers of this fine OS look like. Theo de Raadt announced on the mailing list: 'There is a reason why such a flurry of commits is happening. Once again, we are doing a hackathon; this time in Calgary, for a full week leading up to usenix. Thus far, 32 people have arrived, and are hacking away in a hotel conference room, working on various things, but more people are still flying in from around the world ...'" -
OpenBSD 3.1 Released
Telent writes "OpenBSD 3.1 is out. I've been using a -current snapshot from April as my desktop, and this is truly an amazing release with lots of new PF tricks, improved driver support, and many other cool things. Get it from the master site at ftp.openbsd.org, or use a mirror when possible. Even the release art kicks butt. Enjoy!" -