Domain: openbsd.org
Stories and comments across the archive that link to openbsd.org.
Comments · 2,959
-
Re:Just wondering..
TedCheshireAcad asked:
If Win2k gets a higher rating than Linux, then why do we have stuff like this happening?
Isn't it odd that a "comprehensive security rating" can overlook something as serious as a complete remote compromise?
No, it is not odd. It is expected, in fact. Microsoft's rating was for common criteria "CAPP/EAL4". The CAPP part means that the OS provides "a level of protection which is appropriate for an assumed non-hostile and well-managed user community requiring protection against threats of inadvertent or casual attempts to breach the system security". I don't consider the internet to be a non-hostile and well-managed user community, so I'm not the least bit surprised that hostile remote attacks are possible. The evaluations didn't say that it was safe to hang the microsoft box - or the linux one - on the internet.
These lower level security evaluations don't mean much in terms of real security out on the big scary internet; i.e. the situation most of us find our machines in all the time. (This has been discussed on slashdot before.) Basically, all that is necessary to get one is that you document *everything* and then throw a pile of money into having a government-approved independent organization evaluate your product and make sure that it does what the documentation says it does. If your product behaves as your documentation says it does, you get the certification. It is worth noting that OpenBSD, who have only had one remote hole in the default installation in seven years, have avoided these types of certifications for a long time. Look at Theo's comments on the C2 rating in the Orange Book (the predecessor of the common criteria.) This is the formal description of EAL4 in the official list of evaluation levels:
EAL4 - methodically designed, tested and reviewed
EAL4 permits a developer to maximize assurance gained from positive security engineering based on good commercial development practices. Although rigorous, these practices do not require substantial specialist knowledge, skills, and other resources. EAL4 is the highest level at which it is likely to be economically feasible to retrofit to an existing product line. It is applicable in those circumstances where developers or users require a moderate to high level of independently assured security in conventional commodity TOEs, and are prepared to incur additional security-specific engineering costs.
An EAL4 evaluation provides an analysis supported by the low-level design of the modules of the TOE, and a subset of the implementation. Testing is supported by an independent search for vulnerabilities. Development controls are supported by a life-cycle model, identification of tools, and automated configuration management.
Notice that the goal is to "retrofit" a product line with security, and only to the degree that doing so is "economically feasible". Compare that with Bruce Schneier's comment that "Security isn't easy, nor is it something that you can bolt onto a product after the fact." No one should be surprised that feature-rich, general purpose operating systems designed for quick and easy use (i.e. everything turned on by default) are vulnerable. -
Re:What about BSD?
I agree. I wish the government would take a serious look at, say, OpenBSD for example, and maybe even donate a couple of bucks to them. I've had my rounds with OpenBSD, and it's straight out damn secure.
I don't see why most /. people hate *BSD. It's a great and rock solid system, I'm using FreeBSD myself, in addition to Redhat Linux and Windows XP. -
Funding? Needed at All?
OK, so you are going to hire highly experienced and expensive talent to do security audits for open source projects that don't have a revenue model? Where's your revenue model?
And of course, the benefit of open source is that all sorts of motivated, talented people from all over the world pitch in to do a similar analysis for free, and without a formal "red team." This breaks down quite a bit with the volume of Free Software being produced nowadays, however. But the important pieces of infrastructure (Apache, e.g.) DO get the scrutiny their importance demands. Not to mention pounding by black hats.
Someone mentioned OpenBSD. But even they don't audit everything. They confine their attention to the core of the OS. That's quite a lot of software, but the ports tree is quite a bit more. The ports get somewhat more attention than they would simply because you've got a large set of security conscious users. -
OpenBSD vulnerabilities in the last month
All architectures
* No problems identified yet.
i386, alpha, mac68k, sparc, sparc64, hppa, hp300, mvme68k, macppc, vax
* No problems identified yet. -
Re:Unnecessary - encrypt your file systems instead
Encrypted file systems are a pain to configure and they suck up CPU time. If this can be done in hardware, that's a good thing.
If this can be done in the hardware correctly, that's a good thing. One can't go about blindly cheering such unproven technology. I'll sound like an ass and say I'll wait for more reviews before trusting the ABIT encryption scheme. Trusting a faulty encryption (or security) model is not a good thing.
For now, one can depend on older devices such as these cryptography accelerators. Soon, Linux will also include support for such devices. -
SMP in the *BSDs
Quote from the article:
GNU/Linux has an amazing amount of native software packages and supports a modest number of CPU architectures. It can easily do symmetrical multiprocessing (SMP) with up to 16 CPUs (the 2.6 kernel can do up to 32) unlike Free/Open/NetBSD which is still struggling with proper SMP implementation
Oh, really? I know OpenBSD isn't quite there yet, but what's not proper about the SMP implementations in FreeBSD (5.x) and NetBSD? Inquiring minds want to know, can anyone here shed some light?
-
Re:Honest Portability Question
I don't see anything in the GPL that would prevent including ReiserFS with a BSD kernel.
OpenBSD has issues with including GPL'ed code. Theo de Raadt gave a very short initial answer.
OpenBSD are very keen on keeping their code untainted.
-
Re:The next widespread compression
The replacement for pkzip should be gzip.
OpenBSD is working on removing GNU software from their OS. By porting BSD userland to Linux, perhaps we can talk about BSD/Linux
;-) -
Speaking of security risks
There are multiple vulnerabilities in the Linux 2.4 kernel.
Get your patch here, here, or here.
BTW, there are no security patches required for OpenBSD 3.3 yet. -
Re:Windows ...
Try an OS [openbsd.org] that has been worked from the ground up with security in mind.
-
Re:Windows ...
OpenBSD has only had a single exploit in the last seven years (in the default install profile).
But I'm not sure it was in the last year; if it's earlier, then OpenBSD is your answer! :) -
Re:Good job!
Like, sorry, eh? But Canada is the home of OpenBSD. We don't need no stinking Linux! -
Securing Linux...
-
Re:Hmmm...
-
Re:If you're not trying to sell it...
Go check out OpenBSD for a second opinion.
-
Download Patch
Wholesome patch can be downloaded by ftp from your closest mirror: The Windows Fix
-
Re:BSD - Remote Holes
Isn't that true of *any* solid server OS?
There's always those virus/worm/exploit things. It's my observation that Windows has quite a few.
It looks like the latest FreeBSD (4.8) has one and the previous release (4.7) had a few.
The last OpenBSD (3.2) had 14. The new version of OpenBSD (3.3) has been out for over 2 months and doesn't have any yet. That's pretty impressive.
Interesting that several of the flaws in FreeBSD and OpenBSD are the same bug.
-
OpenBSD?
Written with FreeBSD in mind, many of the techniques in this edition adapt well to other sources such as Linux, OS X, Unix, NetBSD, and Solaris.
No love for OpenBSD? It's arguably the best OS for security and firewalls.
-
openbsd tunes ^_^
-
Re:Okay ...
If I really want to do some web browsing secure from local sniffers I could fire up netscape from my basement but with the display on my notebook. (X has some benefits.) It would be slow, but it would work.
True, but I'd think it snappier to use the included SOCKS4 proxy that comes with newer OpenSSH software. (It's the -D option.)
-
Re:It's tough to do.
-
Re:man Pages
Do you mean something like this?
Of course, if you are using another OS, you might be SOL. -
Hey Ma! Don't forget the firewall!
If you're going to do a job, at least do it right.
-
Support OpenSSH development...
Support the OpenSSH developers by getting a 3.3 CD $40 or for Europe EUR 45
There is a new T-shirt: 3.3 T-shirt $20 or for Europe EUR 20
The new 3.3 poster is very nice too, get it for $10 US or EUR 14 in Europe
Support OpenSSH, have a look at this new T-shirt OpenSSH 2 $20 or for Europe EUR 20
thank you. -
Been there, done that
The process is really easy. Get a TV tuner card that is supported under your favourite unix-like flavour, for instance a Hauppauge BT 878. Open a remote X session and start the TV application. Voila. (maybe some reencoding should be done to get it all the way to France- 100 mbit works if you don't mind
:)
In other news, I wonder what a beowulf cluster of these would take for bandwidth.. -
openssh and kerberos
Seems like the story submitter jumped the gun a bit. From http://www.openbsd.org/plus.html:
Add kerberos-over-ssh2 support to ssh(1).
Though, reading some OpenBSD mailing lists, I get the following:
The OpenSSH maintainers would like to have full Kerberos support in OpenSSH. However, the MIT Kerberos code is full of bugs and poorly maintained. The OpenBSD and OpenSSH developers are sick of dealing with it, and are trying to minimize use of Kerberos in the system.
Kerberos 4 has been pulled out of OpenSSH and OpenBSD for the above reasons. -
Re:Why bother?
There's lot more in debian than stability and apt-get.
...such as..?
Social-contract,
Nice if you're religiously inclined; which I don't believe that most slashdotters are...
extensive multiplatform support and compatibility,
Which NetBSD does better, hence the Debian Port to it.
serious full-disclosure security policy ...
Which does better [hence the "no remote holes in the default install" bit]
However, using debian DOES allow you to feel 31337 on slashdot (whoops, I spoke too soon) and feel superior by bullying [RTFM n00b] helpless newbies on IRC.
While I use debian (out of habit), I question that its time has not come and gone... -
Re:Calm down everyone, it's just RMS as usual
"[...] without GNU, there never would have been OS [...]"
If by OS you mean OSS and not Operating System then I'm afraid that I respectfully disagree. -
Re:Automounter?
-
Re:This doesn't really surprise me...
I think I'd prefer Debian over an OpenBSD system, here's why:
OpenBSD requires that you rebuild stuff when a security update is released. This requires gcc to be installed, and enough disk space to actually build on, as well as enough memory, etc.
Here is some info about how you patch OpenBSD: http://www.openbsd.org/faq/faq10.html#Patches
Debian is a binary distribution. All that needs to happen is you download updated packages built by someone else, and drop them in place. No need for a compiler, and all of the build dependencies to rebuild whatever when a security problem is found. -
This doesn't really surprise me...
With the price of PC components dropping so rapidly, and how much Linux's iptables absolutely blows as a firewall compared to, say, OpenBSD's pf, this was a sure thing destined to fail.
Just think about this for a moment -- "single floppy distro." You take one of the most unreliable forms of disk media, the floppy disc, and expect it to run something continuously and reliably, such as a firewall/router. You can easily build a PC for $50, put BSD on it (which by the way is easier to install than Debian and easier to configure than iptables), and spend your time doing something more useful, like partying with girls instead of configing your firewall. -
Re:The GPL: Intellectual Theft
"Furthermore, after reviewing this GPL our lawyers advised us that any products compiled with GPL'ed tools - such as gcc - would also have to have its source code released. This was simply unacceptable."
This is simply untrue. Many non-free systems are compiled using GCC. Many proprietary systems are built using the GNU Compiler Collection, and I have never heard of the Free Software Foundation claiming that they must release their code. I think this is either a misinterpretation by your lawyers or generally just fear, uncertainty, and doubt on behalf of your company.
"I think the biggest thing keeping Linux from being truly competitive with Microsoft is this GPL. Its draconian requirements virtually guarantee that no business will ever be able to use it."
The GPL is hardly more draconian than the Microsoft EULA. Furthermore, the GPL is clearly not about companies. The GPL is about giving freedom to the user.
"Everyone was very pleased with Linux, and we were considering using it for a great deal of future internal projects."
Your comment signifies the overwhelming sensibility of sharing code. All the public resources that have gone into creating the myriad of proprietary products is generally wasteful. There is no point in trying to re-invent the wheel. There is no point in not sharing generally useful technical information.
I personally admire what your company did in contracting to modify Free software for specialized purposes. This is exactly how Free Software would benefit our economy, especially for developers such as yourself. The only reason that things like Microsoft EULAs exist is so that someone can take away the freedom of their users and exhibit a system of power over them as people. The argument that companies must protect their intellectual property is flawed because the money that they make generally doesn't go into paying for the costs of distribution. It goes into things like making Bill Gates a very rich man. That's a system not at all concerned with compensating the developers, once you make an analysis and really think about it. -
OpenBSD firewall
This makes me want to step up my plans to put an OpenBSD firewall in place...
The BSDWall project has already done most of the work for you. Assuming that you have an old PC with a couple of NICs in it and a broadband connection, you should be able to build your firewall in an hour or less.
"bsdwall" is a Perl script that turns an OpenBSD box into a working firewall. The site includes
- Instructions for finding and configuring compatible network cards
- OpenBSD install directions
- How to install the bsdwall package after your first boot of an OpenBSD machine
- How to configure and control your firewall
One minor quibble: bsdwall works properly with the latest OpenBSD (3.3), but the install instructions on the BSDWall site are still for 3.2. Just substitute the 3.3 install floppy for the one mentioned on the website (or buy a CD) and remember that the prompts on the screen won't exactly match the website's directions keystroke-for-keystroke.
-
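The two comments above (the one preferring pf over iptables, and the BSDWall one) describe a two-NIC OpenBSD box sitting between a LAN and a broadband link, but neither shows what the ruleset on such a box actually looks like. The following pf.conf is an added example written for this page; it is not bsdwall's generated configuration and not code from the OpenBSD project. The interface names (em0/em1), the LAN subnet, the admin host and the MSS clamp value are assumptions, and it uses current OpenBSD pf syntax (nat-to inside match rules), not the 3.x-era "nat on" syntax the comments were written against.

```pf
# Added example: minimal /etc/pf.conf for a two-NIC home/office firewall.
# Not from BSDWall or OpenBSD. Interface names, LAN range and admin host
# are assumptions; adjust them to the box you are building.

ext_if = "em0"                 # assumption: NIC facing the broadband modem
int_if = "em1"                 # assumption: NIC facing the LAN
lan_net = "192.168.1.0/24"     # assumption: LAN address range
admin_host = "192.168.1.10"    # assumption: only host allowed to ssh to the box

# Hosts that trip the ssh rate limit land here and stay blocked until
# cleared by hand:  pfctl -t bruteforce -T flush
table <bruteforce> persist

set block-policy drop          # drop silently rather than answering with RST/ICMP
set skip on lo                 # never filter loopback

# Normalise inbound packets: reassemble fragments, randomise IP IDs,
# clamp MSS so PPPoE/DSL links do not black-hole large segments.
match in all scrub (no-df random-id max-mss 1440)

# Hide the LAN behind the external address. ($ext_if) in parentheses
# re-reads the address at runtime, so a DHCP lease change needs no reload.
match out on $ext_if inet from $lan_net to any nat-to ($ext_if)

# Default deny, every interface, both directions. Later "pass" rules open
# only what is needed; there is deliberately no "pass in on $ext_if" at all.
block all

# Anti-spoofing: LAN addresses must not arrive on the outside interface
# and vice versa, and private/loopback ranges must never come from the ISP.
antispoof quick for { $int_if $ext_if }
block in quick on $ext_if inet from { 10/8, 172.16/12, 192.168/16, 127/8 } to any

# Management: ssh only from one LAN host, rate limited. "quick" means this
# decision is final; a source that opens >5 connections in 30 s is added to
# <bruteforce> and its existing states are flushed.
block in quick on $int_if inet from <bruteforce> to any
pass in quick on $int_if inet proto tcp from $admin_host to ($int_if) port 22 \
    keep state (max-src-conn-rate 5/30, overload <bruteforce> flush global)

# Anything else aimed at the firewall itself from the LAN is refused
# (add explicit pass rules here if the box also serves DNS/DHCP).
block in quick on $int_if inet from any to ($int_if)

# LAN clients may reach the Internet; the firewall may originate its own
# tcp/udp/icmp traffic (package fetches, ntp, DNS lookups).
pass in on $int_if inet from $lan_net to any
pass out on $ext_if inet proto { tcp udp icmp } to any
```

Syntax-check the file before loading it with `pfctl -nf /etc/pf.conf`; load it with `pfctl -f /etc/pf.conf` and enable pf with `pfctl -e`. The box only routes between the two NICs once `net.inet.ip.forwarding=1` is set in /etc/sysctl.conf. The important design point is the absence of any "pass in on $ext_if" rule: every unsolicited packet from the broadband side hits "block all", which is the "no remote holes in the default install" property the other comments keep coming back to, expressed as policy rather than as a hope that no daemon is listening.
-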
Re:Corporations pay taxes too...
But your rights end where mine begin.
Actually it is not that simple but that is beyond the scope of this debate.
I also paid taxes on that code and also get a say in how it is used.
Which is exactly why the code should be released under a license which puts as few restrictions on its use as possible: to allow as many people as possible to use it. Take a look at the latest version of the BSD license used by OpenBSD. Simplicity itself. It says who the copyright holder is, that you can do anything with the code except change the copyright and that there is no warranty. It doesn't get much more free and straightforward than that.
-
Double-edged sword of DARPA Funding
Given the problems encountered by Mark West when DARPA pulled its funding on the OpenBSD project, are you concerned about what strings may be attached to such funding for ReiserFS, be they implied or explicit?
-
Neither does OpenBSD
Re: (...) runs IIS on Win2k
Neither does OpenBSD's website run their software. I wouldn't be particularly happy if the President installs Linux boxen at work, and admins them all day
...
-
OpenBSD
This type of thing has been in OpenBSD for a long time now (altq), but it is nice to see that this type of thing is done in linux.
-
About time, I say
This is only the second book in history on OpenBSD.
That doesn't mean that OpenBSD is bad or has a small group of supporters. It's only one of the most secure ("out of the box" is one of the items of high importance to me) firewall operating systems in the world. It's completely Open Source and available for free download.
The original book on OpenBSD from the year 2000 is sorely outdated since the OpenBSD project tries to release a new version every six months. This book covered lots of security/firewalling concepts and how to implement them in OpenBSD 2.5 (as well as Linux) while we are now at OpenBSD 3.3. The above-mentioned books should be able to help fill in the background details as to the "whys" more than the "hows."
The "hows" are provided on the OpenBSD website for free:
FAQ (installation)
Packet Filter User's Guide (does most of the amazing firewalling that OpenBSD is famous for)
Manual Pages
OpenBSD is freely available for download, but if you like the project, I strongly encourage you... Buy something from them (they have a few shirts and posters). Or donate money or hardware.
Also, I wonder if this book is in any way related to the Deadly.org plea from the community for topics that an OpenBSD book should cover.