Domain: openbsd.org
Stories and comments across the archive that link to openbsd.org.
Comments · 2,959
-
support OpenBSD
I see a lot of bla bla bla, but start putting your money where your mouth is... support the OpenBSD project, there are some nice 3.3 goodies you can pre-order now, shipping starts by the end of the week it seems.
Support the OpenBSD developers by getting a 3.3 CD $40 or for Europe EUR 45
There is a new Tshirt: 3.3 Tshirt $20 or for Europe EUR 20
The new 3.3 poster is very nice too, get it for $10 US or EUR 14 in Europe
If you prefer OpenSSH, have a look at this new Tshirt OpenSSH 2 $20 or for Europe EUR 20
thank you. -
Lots of bla, instead support OpenBSD
I see a lot of bla bla bla, but put your money where your mouth is... support the OpenBSD project, there are some nice 3.3 goodies you can pre-order now, shipping starts by the end of the week it seems.
Support the OpenBSD developers by getting a 3.3 CD $40 or for Europe EUR 45
There is a new Tshirt: 3.3 Tshirt $20 or for Europe EUR 20
The new 3.3 poster is very nice too, get it for $10 US or EUR 14 in Europe
If you prefer OpenSSH, have a look at this new Tshirt OpenSSH 2 $20 or for Europe EUR 20
Thank you... -
Re:Easy update?
The Upgrade-minifaq has a list of steps to go through for upgrading from 3.0 to OpenBSD-Current. According to 3.2's INSTALL.i386 upgrades for that version are only supported from the immediate previous release. I would follow the steps listed in the minifaq for Upgrading from 3.0. Grab etc31.tgz from ftp, untar it in your home directory or wherever and diff -r it and the old /etc and /var's on the machine for obvious things that need changing. Then I would grab the install bootdisk for 3.1 release and use the upgrade choice. Then follow the steps listed in the minifaq for Upgrading from 3.1, grab etc32.tgz, untar it, diff it and the newly changed /etc and /var making the obvious changes, grab the install bootdisk for 3.2 and use the upgrade choice there. At that point you are running 3.2-release and can either follow the directions in the mini-faq for upgrading to 3.2-stable (You won't need to follow Upgrading from 3.2 for stable), -current (You will need to follow Upgrading from 3.2 and Upgrading from 3.3), or just wait for 3.3's imminent release and use the method discussed above to upgrade to that. While the "make world" method does exist it will not easily work on an upgrade from 3.0 due to the numerous changes to the compiler and toolchain. -
BSD license
I must admit I am quite puzzled by all this and why the grant has been suppressed. Surely DARPA has no interest in stopping OpenBSD development or even just slowing it down since they use it themselves. However they say it is for security reasons. Shock horror, terrorists could be benefiting from the use of Open BSD too!!
I am wondering whether DARPA could not have plans to try and do development from the current Open BSD themselves?
Check the Open BSD copyright policy again. There's nothing preventing them to use the source for their own closed source or open source software, and while Open BSD is available to everyone, they could keep it for themselves.
It's the only explanation that makes sense that I can think of. Obviously I may be wrong and the real explanation could be one that makes no sense. -
Back, Linux infidels!
Bow down and worship the goddess of BSD!
You Linux-using fags cannot possibly comprehend the beauty of the one true goddess!
See how a true believer honors her. Take another look at the proper way to show your devotion to the divine babe of BSD!
There is truly no hope for Linux as long as the lovely Ceren smiles upon us! -
yes
look at the top 2 items of this link
propolice is the same gcc stack protection that trusted debian uses, written by the same author whose email address is etoh@openbsd.org.
w^x is similar in concept to pax, but it is faster and doesn't break applications.
this has produced a hilarious 'debate' on the openbsd misc mailing list, as evidenced in threads like this and this -
Call Congress about DARPA grant F30602-01-2-0537
For you Americans out there who plan to talk with their Senators & Representative (or staffers thereof), it'll probably be a good idea to tell them the problem is with
DARPA Grant F30602-01-2-0537,
and would they please get you an answer as to why money is being kept from this worthy cause. Maybe even mention that it's in aid of cyberspace security. (If you need a pointer, see the House of Representatives and the Senate websites; they'll point you to the people you want to get in touch with.)
After the phone calls (or instead of, for The Majority Of The World), send money to the OpenBSD donation site (It's the third ``purchase'' from the top). You can even buy yourself a goodie or two while you're there.
My money's on the way already. I wonder how much of the grant we can replace. Now for those phone calls...
Best wishes,
Max Hyre
-
Support OpenBSD
If you like OpenBSD, chip in a few bucks. If it went down the way it did, then that's a shame. I'm a Canadian, FWIW, and it's really too bad this went down like it did. I also run an OpenBSD 3.2 firewall that I love. I can't say that it surprises me though, and it certainly is disappointing.
If you're an American and don't like this, then write your elected representative of choice. I'll be writing mine, but only because I'd rather see them throw money at these guys than a $1.077 Billion dollar gun registry boondoggle. OpenBSD sells boxed sets, and I certainly imagine they'll take cash, too.
I didn't see in the article anywhere you could send a donation to. OpenBSD.org has their own donations page and an orders page for their propaganda and cds and section for donations as well.
If nothing else, OpenBSD will profit greatly from the exposure and free publicity this will generate in the Globe and Mail tomorrow. -
Standing up for what you believe in
Theo de Raadt is not afraid to stand up for what he believes in, and I think DARPA has made a bad decision.
What makes me angry is that, as an American citizen, DARPA's money is MY money, and they are using it as a bludgeon to silence anyone against the current war in Iraq.
I for one am going to donate money to the project via PayPal. I urge you to do the same.
If you want to help but can't afford to donate, at least send him an email telling him that you support him. It's a lonely road and he could probably use the support.
-
Re:OpenBSD
Reading their page on security [openbsd.org] I get all kinds of unhelpful information like "OpenBSD believes in strong security" and "...we ship the operating system in a Secure by Default mode."
Did you read the "audit" section on that page?
Their explanations lack specifics.
For specifics, see the archives of the security-announce list and other sources mentioned in the "Watching our changes" section in the security page. Or their "press" page. Or even slashdot's BSD section: there are quite a few recent OpenBSD stories.
Who is using it? Why are they using it?
See their users page.
Do you really need to be spoonfed all this?
-
Re:OpenBSD
That's why it's a google question.
Maybe that part was. But maybe John has some other personal reasons he would like to pontificate on. Google would be no help there.
I went the link provided and was able to link to the OpenBSD home page. Like most Unix based OS's the page was remarkably lacking in specifics. It makes claims like, "Only one remote hole in the default install, in more than 7 years!" Great! Sounds secure, but some people think windows is secure... Reading their page on security I get all kinds of unhelpful information like "OpenBSD believes in strong security" and "...we ship the operating system in a Secure by Default mode." Their explanations lack specifics. Sure "All non-essential services are disabled. " and I will have to "enable daemons and other parts of the system" because of this. I guess my question is how do I convince a non-IS person (VP) that OpenBSD is the way to go. Who is using it? Why are they using it? Is there anyone that has had an OpenBSD box cracked and how was it done? Do you see where I am going here?
-
Documentation and community
I do not trust Linux man pages or HOWTOs. I have had bad luck with them, in several Linux distributions. For correct (and correctly spelled) documentation, look at OpenBSD. Once you've had high-quality documentation, you won't want to go back.
What you have to do is find yourself a good community. A good community is not free; you have to help build it by making contributions of your own.
If you need help with a specific application, try the mailing list(s) dedicated to that particular application. I have had good luck on the Samba mailing lists, for example.
If it's for a business and you simply can't figure it out, just buy a support contract from Red Hat. That's what they exist to do.
-
missed one
Perhaps this "leak" is to take attention away from new releases of excellent servers: OpenBSD 3.3, RedHat 9 (even w/4 business hour response time), and Mandrake 9.1.
Oops, I missed one: OpenBSD Lands $2 Million In DARPA Money. DARPA funded research led, among other things, to the Internet. This pretty much guarantees now that the future of development is F/OSS. -
Publicity stunt
Since the key is for the server, not the workstation, its release is not a big deal. Businesses eager to hand their IT budget to Microsoft will purchase the key anyway. Others would not waste resources playing with a toy that would set them up to be cleaned out by a lawsuit.
But I can guess at two reasons why it comes just now:
Perhaps this "leak" is to take attention away from new releases of excellent servers: OpenBSD 3.3, RedHat 9 (even w/4 business hour response time), and Mandrake 9.1.
Or perhaps it is to drum up sympathy in congress for new legislation which could be used to mandate DRM in the U.S. This would hamstring the U.S. IT sector and many public institutions by taking money out of already tight budgets and sending it to Redmond in the form of forced purchases of new hardware and software.
-
Re:cash versus equipment
...to write code that they will release under GPL.
If you're going to be nit-picky, at least get the license correct.
-
Re:Lack of vulnerabilities
"Only one remote hole in the default install, in more than 7 years!"
Is exactly the quote from the home page of openbsd.org. They express it in that way in recognition of the fact that there can be holes that are not remote.
If a local user can hack the system to gain privileges above those explicitly assigned by the system administrator that would be a hole that was not remote.
-
OpenBSD cd images
http://www.openbsd.org/faq/faq3.html#ISO
So, will these copyright restrictions be lifted now? I'm sure $2.5m should cover Theo's phone, electricity, anger management courses, and food bills. -
Re:Commercialisation
Your post is so clueless that it's almost not worth replying to. It's not that you're ignorant; it's that you're pretending to be well-informed when you're not even close. And why some gimp who should have known better modded your post as Interesting is beyond me.
Money has always been a key to what's now considered OSI compliant software. Always. You don't think Berkeley operated all that time without a budget, do you? Free Software isn't tainted by money, and OS's released under the BSD license are no exception. The only grey area that could exist would be if the presence of investors alters the license. And there's no evidence that DARPA money is causing or will cause a deviation from their current license. None. (Read this for the data.)
And as for the assertion that OpenBSD falls under the GNU General Public License... Oy!
Considering your worries about money, I suspect you don't know what it's like to have any. Try to live without it (either yours or your parents') before you gripe about its effects.
"I think that worries me."
Next time, decide whether it does or not before you post.
Daniel.
-
Re:cash versus equipment
Soo.. since they now have funding, does this mean we can finally download the ISO's ? I mean american tax dollars are footing the bill now right? Faq 3.3
-
Great PR campaign
OpenBSD, which does not develop as many products as Microsoft, says only one vulnerability or hole has been found in its software in the past seven years.
It's good to see that OpenBSD magnificent PR campaign finally pays off.
Sarcasm aside, I believe the government is the only part (apart from Microsoft with its cash reserves) which can invest in secure software development at the moment, so this is a step in the right direction. -
Hardly New
DARPA has been funding the OpenBSD project for awhile now. The grants have been a staple of the OpenBSD team's funding for quite awhile now. Come on, you didn't think they existed solely on the revenues generated from their t-shirts, CD's and posters did you? Congrats to the OpenBSD team on this latest grant. This is fortuitous especially with version 3.3 right around the corner.
-
Hey - you guys broke my httpd.conf file!
I admittedly hadn't been paying much attention to the changes, but this one crept up and bit me on the ass last week while I was setting some new web servers for our ISP.
It seems the chrooted Apache configuration in 3.2 is turned on by default, and it prevents cgi mappings from working properly under VirtualHosts directives. I was kind of aggravated; it took a while to figure out what was wrong.
It's documented in the OpenBSD FAQ, but I couldn't pinpoint the problem to OpenBSD specifically (and the error log was mysteriously unhelpful at diagnosing the problem), so I spent quite a while reading up on Apache directives before I figured it out.
It was frustrating, but I know Apache considerably better now, so I guess it was worth it. I agree that security is very admirable, which is why I use OpenBSD in the first place, but I think certain options should be turned off by default, especially if they break common services like VirtualHosts cgi ScriptAliases.
Realistically, are most web servers going to be set up just to host one web site? Or am I the only one who uses VirtualHosts on most of my servers?
-
Re:Why?
Troll? OpenBSD runs Mozilla, but the mail and news doesn't work. There are people running it, but why would you want to? Mozilla is really disappointing. They throw complexity at simple problems and expect good results. Even in XP it is disappointing (daily and release (Phoenix is OK though)). W3m with image support (in xterm) and Konqueror are nice in OpenBSD. I use Konqueror when I order things online and w3m for pretty much everything else.
SMP isn't everything. I care much more about having a quality system, than a system full of crappy code and many features. OpenBSD doesn't have enough developers to implement some things properly, so they don't try. I'm glad that the developers don't bite off more than they can chew.
If you check the list of changes in the OpenBSD Changelog (roughly 6 months of work) your thoughts that OpenBSD is stale will probably go away.
-
Unix is dead?
-
You asked for it
-
Linux Binary Compatibility
I was going to summarize it for you, but I couldn't do better than the compat_linux(8) manpage:
http://www.openbsd.org/cgi-bin/man.cgi?query=compat_linux&sektion=8
So basically it works really well for anything that doesn't overuse Linux-specific access of the hardware, especially procfs.
-
SELinux vs Palladium - fighting for "mindshare" ?
So, what's going on to keep the MSFT lap-dogs, and their potential customers, informed about SELinux -- and OpenBSD -- in response to the marketing of this "Palladium" thing? Seems like they might be for different sectors of the market (SELinux, OBSD for those who know what they're doing, MSFT-windows for the rest?), but that article doesn't give a lot of details about what "Palladium" is, anyway, no offense.
"trusted Windows technology platform" -- that, in itself, sounds hilarious.
Here's to waiting or digging for details on what this MSFT "nexus" thing is, beneath the flash, hubbub, poop, and other marketing.
Now, do y'all get the impression that microsoft is playing this thing right into the workstations of "sensitive" federal offices? If they do this, and succeed in locking those offices into their platform -- if they haven't done so already -- it would be a major blow against the state of the competitive market -- within and without "the government sector".
"Jane, how do you stop this crazy thing?!"
-
Don't fix if it isn't broken
In this case, even when NT4 seems to be terminally broken, there's no reason whatsoever to believe that 2k/xp aren't even after MS has provided its stinky useless patches for those.
What's the point of MS's pro-secure(haha) stance if it's unwilling to patch even one of its products so long as it takes to make it bulletproof? NT4 is old but proven and been around so long that it seems foolish to throw it away and bring in new OSes with new flaws. Doesn't help much if 2k/xp are "based on NT technology" because at the same time they get bloated with all kinds of new stuff.
One thing MS can't do is keeping its OSes simple. Unfortunately simplicity is one of the requirements of secure software. -
OpenBSD's stack protection does this
...and it's not as good an idea as you think. What it does is unfairly penalize dynamic programs (Lisp, Java, and several others (including believe it or not Ada)) in favor of supporting a broken programming paradigm from the 70s. Von Neumann left out the distinction between data and instructions in his EDVAC report for a good reason - the two are the same.
Specifically, on the architectures that support it, OpenBSD enforces write or execute permissions on memory. It is still entirely possible to run self-modifying and dynamic programs, but now every time you need to perform either write or execute you must specifically make a call to switch that memory's permissions. Needless to say, this is not the end-all security solution, and ultimately ends up breaking a lot of things.
I think this goes way beyond just program correctness as a means of security (what used to be OpenBSD's stated goal), and is on the whole a bad thing. A much more sensible approach is to run untrusted applications in their own VMs, and write as much software as possible in languages that can guarantee correctness (this pretty much only means languages that automagically manage memory - C programs using Boehm's conservative GC and safe string functions and such fit this bill).
-
OpenBSD Rocks
You want to hear a story about confidence in your system?
I ran an internal OpenBSD web server / CVS repository / Slashdot-like chat area. It was on an old Sparc20 I scrounged up.
I got the opportunity to travel, for four months, to literally the exact opposite side of the planet earth from where I live. What did I do with my server?
I didn't do anything! I packed my bags and took off! Did I give anyone root? Nope. Did I give anyone instructions on what to do? Nope. Did I get a backup sysadmin? Nope.
Why not?
Confidence. I didn't worry about leaving my server for four months while I took off for the opposite side of the planet.
When I came back four months later, the system was still running perfectly. No problems at all. None. In fact, I left it running for a few months more (until I did an upgrade).
OpenBSD rocks.
Check it out. It will rock your world. OpenBSD reminds me of the simpler days of Linux (5-8yrs ago), but has all the latest features and apps.
-
Re:Pretty amusing coming from Microsoft..
Those poor defaults are probably by cynical design. Imagine if it came with everything locked down:
Microsoft support would be bogged down(they charge for that so not really a big deal), but worse, Microsoft would get a reputation for being 'unusable'.
Newbie: "I tried for weeks to get IIS running and f'd up my machine!!! Trashy Microsoft, doesn't even work!"
So they set it up with the very trusting defaults. I have to say I was pleasantly surprised to see the Advertising Standards Authority step in. I didn't even know you Americans had one.
So I'm curious, who actually can make that claim? Nobody immediately springs to mind.
www.openbsd.org/ does.
I think actually, that even if you semi-know what you are doing, Windows is rather secure, just set it up to automatically download patches. Yes I know no slashdotter would be caught dead doing that. -
Re:A really poor track record - to nobody's surpri
I'm pretty sure this is a troll due to the lack of support to the claims, but I'll respond anyway because the points are still valid:
Unix is a complete joke as far as security.
I don't know what you mean by "Unix", but I'm assuming it includes all POSIX-compatible operating systems (including GNU/Linux, *BSD, etc). In that case, maybe you should look at OpenBSD. It's about as Unix as they come, being BSD-derived and all. Yet it is also one of the most secure general-purpose operating systems out there. In the past 7+ years, OpenBSD has had one remote root hole in the default install (the OpenSSH off-by-one hole, I believe) and a handful of privilege escalation holes and the like. Compare this to Solaris or Red Hat Linux, and you'll see that not all Unixes are the same.
a.) It's ancient so most of the flaws are finally worked out.
I agree here, but I think that the point deserves more elaboration. Many of the flaws in Windows and Windows-related products like IIS stem from fundamental design problems, the kind that only massive time and energy spent reworking can fix. For example, the fact that any NetBIOS-enabled Windows machine will send you its password hashes upon request (by getting the machine to retrieve a remote file:// url) has been acknowledged by Microsoft as a pretty much unfixable design flaw. Similarly, the IIS URL parsing mechanism is overly complex, leading to holes like the Unicode ../../ problems. With Unix, most of the fundamental design issues have been worked out or worked around. True, there are still a few fundamental problems; the inflexible permissions system and the fact that many things run as root just to get one specific privilege (ping, daemons, etc) come to mind. But most of the flaws in Unix programs come from buffer overflows, format string vulnerabilities, unchecked perl open() calls, and the like: little, isolated errors that are easy to make and almost as easy to fix.
b.) Nobody _gives a shit_ about Unix so there aren't a lot of hackers out there targetting it.
This point blatantly contradicts the others. If Unix is so unimportant, why (according to point a) have there been so many flaws found and fixed? Besides that, have you looked at how many companies are into Linux these days? I think that Red Hat, IBM, and HP (just to name a few) would disagree with your statement that "Nobody _gives a shit_ about Unix". With the release of Mac OS X, Unix is now also a popular desktop OS with a significant market share. As for "hackers" (I'll assume you meant crackers) targeting Unix, take a look at any security-related mailing list and you'll see that many Unix-related flaws are researched and found, and often exploited. Crackers and script kiddies do care about Unix (it accounts for over half of all webservers*, for example), and this is why so much effort has gone into and will continue to go into securing Unix.
*Netcraft says that 64.19% of sites run Apache, but does not mention the OS distribution. Since most Apache installs are on Unix systems, and since there are also some non-Apache Unix webservers, I figured that saying 50% was more than reasonable.
-
Re:Is this Monday?
I know this is was off topic for the article, but since you are *grub* I will ask you a quick question. here goes
RH 8.0. Created grub password. Have not been prompted yet for it at any time. Downloaded 2.4.xx Athlon kernel. Will not upgrade. Failed three times. Would grub password have any thing to do with this?
Ahh yes, the grub password problem..
Well, here is what I would strongly recommend:
Format your hard drive
Install OpenBSD and their bootloader.
Realize that neither myself nor grub.net has no affiliation with the grub bootloader project.
Wallow in your own filth.
Hope this helps, if I can be of any further assistance please feel free to write me at the address linked above.
- grubby