Domain: openbsd.org
Stories and comments across the archive that link to openbsd.org.
Comments · 2,959
-
Re:SHA-1
I do not deploy Linux. Ever.
So you've never worked on an OS used for real work apparently. Oh well, I may join you soon, what with SMP coming to OpenBSD soon, YaY! Now to get threads and java.
-
Re:The problem with OpenBSD..
Or donate!
-
Re:Hooray!
Troll.
OpenBSD has had IPv6 since version 2.7 out in June 2000.
And for the record, FreeBSD has had IPv6 since March, 2000, version 4.0
And let's not forget who brought you OpenSSH.
SMP isn't the top priority. Giving up stability and security for the latest and greatest features is not what everyone wants. A friend of mine complained about FreeBSD not having good SMP support, I asked him if he had an SMP machine, he said "No." I hope that is enough to illustrate my point.
Sorry to go off on this, but mod the parent down if you mod me down please. People always trounce on any of the BSD's while praising Linux here.
Hear that? That's my karma in the toilet. Flush.
-
Re:Great news
"Only one remote hole in the default install, in more than 7 years!"
What puzzles me is how they jumped from "nearly 6 years" to "more than 7 years" in less than a year. :)
-jfedor -
Re:The problem with OpenBSD..
Isn't it the OpenBSD folks who are telling people not to make ISOs because the codebase changes frequently enough?
No.
Perhaps you are confused by this.
Why would you purchase a set of discs to perform multiple installs when OpenBSD developers recommend against using a static copy?
They don't. OpenBSD releases come at regular 6-month intervals (3.2 was a month early). That's what you should be using. You can use the snapshots or even the current CVS if you feel brave.
Sure, I can understand buying copies to support OpenBSD. I buy Redhat for the same reason, it's more principle than the actual material in the box.
You are correct. There's a slight difference, though, OpenBSD is not trying to turn a profit, just cover the development costs.
-jfedor -
Re:Microsoft copy
-
strncat/strncpy are *NOT* intuitive
Did you really read the strncpy and strncat manpages?
To both zero-terminate and check for truncation is arcane, that's why the OpenBSD ppl made strlcat and strlcpy in the first place.
There are already other secure programming faqs, though AFAIR, they suck too. If I were you, I'd put a HUGE disclaimer to take this page as work-in-progress.
(before flaming, write down the correct code to check for truncation for both funcs) -
Re:The market frowns on Sun's 'monopoly potential'
-
Re:The market frowns on Sun's 'monopoly potential'
-
Re:Alphas
-
Re:Oh no, not again...
here's a novel idea... why don't we all actually read openbsd's licensing policy?
it's here
please note the section stating:
OpenBSD can not include material which includes copyrights which are more restrictive than the Berkeley copyright, or must relegate this material to a secondary status
and consider that the reason theo isn't using the linux implementation as a hint is because the gpl is more restrictive than the bsd license.
this may also be the primary reason for refusing to sign the nda. it may be considered "more restrictive" (i certainly didn't get an nda with my copy of obsd 3.2)
now please have a cup of shut the fuck up yourself.
-
Re:Theo manual
Have you read the CVS commit log why qmail was removed from the OpenBSD ports?
license does not permit modification, to allow for proper integration in OpenBSD
Don't blame OpenBSD (or Theo), blame Bernstein.
I guess you should read the OpenBSD copyright policy. -
documentation
OpenBSD doesn't need a book. OpenBSD is one of the few operating systems that makes a practice of actually maintaining some semblance of documentation.
See "man help" and http://www.openbsd.org/faq/index.html
-
OpenBSD has lots of new coolness
They recently got round robin routing included in pf. They also got altq in pf also. They already merged nat.conf into pf.conf. They did a massive suid audit and a major license audit. Now propolice. I thought OpenBSD was cool before a lot of this stuff came about. Some things like no-exec code are not available on all architectures though. There is also a calling for more gigabit equipment for further and continued testing, read the want pages and I believe Nate for more precise info, and make sure you contact him to make sure you don't get something already being donated.
-
is M$ quiet about anything?
MS have been quietly getting ready for 64 bit for at least 2 years; they've been shipping a 64 bit SDK on my MSDN disks for over a year. There are 64 bit NVidia drivers for WinXP-64. What makes you think MS isn't already there?
Spare me the smoke and vapor. Don't you remember the sad story of Mica, errr, NT on Alpha? Loudly proclaimed, quietly killed, that's why I think they are not there. If you consider the number of bugs and holes in 32bit M$ work, you might conclude they never arrived anywhere.
In the mean time, you can get Linux and BSD on Alpha and other 64 bit platforms:
Oh, it hurts so much to remember and think!
-
security company?
I suppose having your every move on the web tracked and monitored by some commercial company over windows is considered secure by some. Next time these folks want security and a faster connection software, might I recommend:
This would make the world a better place, even if it could not be used to forecast the next great depression.
-
Firewalls!
Securing your internal network from windows?
I'd start off by putting all the Windoze boxen on a physically different subnet. Then I'd firewall off the Windoze subnet from the rest of the corporate network. Take a look at OpenBSD as a suitable firewall. This should provide adequate protection from those pesky Windoze systems.
Remember, logical security is only half the battle. Think physical security too. Maybe everyone using a Windoze box should sit at one end of your office space. Then you can put an OmniLock on the door to keep them from getting into the rest of the office.
While you're at it, you might also want to think about implementing a virus-filtering mail gateway in between your Windoze subnet and the rest of the known world. -
Re:Obligatory Simpson's reference
-
OpenBSD sells posters...
Check out http://www.openbsd.org/orders.html for the OpenBSD posters. There's one for every release since 2.6, plus one for the OpenSSH project. I personally think that the 3.2 poster is the coolest yet, but that's just my opinion.
Also, check out this link for a poster containing a map of the Linux 2.4 source tree.
And if you're just in it for plain geeky posters, I would suggest Perfectly Scientific, for their range of Prime Number posters.
-
OpenBSD posters here
Buy OpenBSD posters. It'll support the software too. Go here.
-Turkey
-
OpenBSD posters are pretty sweet
http://openbsd.org/orders.html
As good as it gets.
-
A number of choices
Probably you will not expect peak performance from that anyway... So here is what I would go for:
- Linux Kernel 2.2 (with low memory i would recommend 2.2..) or a really stripped-down 2.4 kernel, running a modern distro which is rather slick in itself, like Slackware or Debian. This will help you avoid numerous security holes in older distros.
- There has been an article which focusses on small yet functional desktop programs.
- If you want to go with really stripped-down distros, which are suitable (or optimized) for embedded computers, check this link.
- I have to agree with some of the other posters that one of the *BSD derivatives can be and feel a lot smaller than full-featured, KDE3-based Linux distros...
- If security is not much of an issue for you, for whatever reason, you might want to go for an outdated Linux distro. Watch out for a 2.0 or 2.2 kernel, and libc5 instead of glibc2/libc6, or you might not gain much from the old stuff... Or even Minix? VSTa?
.) -
Maybe not antique distros....
I think everyone is going to say something different about this (depending on their own experience), but overall it all goes down to a couple of important things:
1) If you want the best performance with linux, you will probably have to re-compile everything. You can do all this by hand by following the procedures given by the Linux from Scratch project. If this is too much for you, you can go with source-type distributions.
2) If you don't want to go down the "compile-for-3-days" path, you can try modern distros of linux or BSD: FreeBSD, NetBSD or OpenBSD (there is a debian "port" of netbsd and one of freebsd that *could* make life easier). Most are compiled for i386 and can be used if you...
3) Carefully choose your applications! Don't use Kde or Gnome unless it has been carefully stripped of all the surplus. Don't use Mozilla, try phoenix instead.
4) Try it! The best way to know if this is better than that is to try it out.
If it's still too slow or un-usable for you, you can try to give your computer a specific task... like X-terminal or even a router...
I did make some old machines work again with these simple guidelines but i think the most important thing is to...
5) Have fun! I know i did!
-
i can't suggest a distro, but i can suggest an os
openbsd. it runs great on my soekris net4501 (486/133 - 64mb - 32mb compact flash disk). you can follow the procedure outlined here in the openbsd faq to get up and running on a system with less than 32mb of ram
-
OpenBSD Unaffected
According to OpenBSD Journal, OpenBSD is not affected. NOT AT ALL!!!
- Pcap and Tcpdump are brought in only periodically and after a thorough code review.
- OpenBSD rolls its own build system (for pcap and tcpdump).
The trojan affected the configure script and was activated at build time.
I Love OpenBSD!!! -
Re:Make NSA crypto Open Source!
well, the nsa not too long ago standardized on an open source, patent free digital encryption algorithm for their 'advanced encryption system' (aes), to be used in many forthcoming applications, and replace the aging 'data encryption system' (des). the algorithm they've chosen is called rijndael. here is the source for one implementation.
is this kind of like what you were asking for? -
Re:I'm scared
My computer sits in a locked closet, lacks input devices, and runs only the OpenBSD kernel and nothing else.
I know you're trying to be funny, but even your example has an exploit. I hope you applied the patches for the setitimer/getitimer vulnerabilities in 3.0 and 3.1. :-) Check them out from here. -
Re:Who uses bind4 anymore department?
Ah, but you didn't tell them why. Though you did provide a link.
OpenBSD severely audited their BIND 4 code-base and it is very secure. This can be ascertained by looking at their errata pages and looking for patches to BIND. There aren't very many at all in the more recent versions.
Sure it's BIND 4, but it's solid and stable, like DNS is supposed to be.
-
Re:Welcome to System Administration 101
-
Who uses bind4 anymore department?
-
Theo's basement
A.K.A. Rack Mount Madness!
-
authpf + putty
You can use authpf to allow access through your firewall only to logged in users. With this, each user has to first authenticate and then s/he can access the network.
One caveat with this method is that you need a SSH client on your user's computer. For UNIX-Like you can use plain SSH (users are normally familiar with it), but for Windblows, you should take something like putty and change it so it would look more like a login interface. -
Re:Luckily for me...
-
Re:Luckily for me...
-
Song on Track2 of CD2 of the Official 3.2 3CDset
You can get this song also on the official CDset
Support the OpenBSD developers by getting a 3.2 CD
3.2 CD $40 or for Europe EUR 45
The new 3.2 poster is very nice too, get it for
$10 US or EUR 14 in Europe
[Outliers unite! Hi Brecht :-] -
Re:on a more related note
>I read the lyrics for the song and my reaction was
>"huh?", perhaps the song makes exclusive reference
>to OpenBSD so much that you would have to be
>familiar with it to get it?
The current OpenBSD mascot is a blowfish, so there are a lot of fish references.
The (wicked cool) art for OpenBSD 3.2 has a James Bond theme.
OpenBSD art has a recurring theme of foiling "script kitties", so that explains all the cat references. -
Re:Just curious... not intended to flame
From http://www.openbsd.org/lyrics.html
Lyrics by Ty Semaka. Arranged by Ty Semaka & Jonathan Lewis. Base & drum programming, recording, mixing & mastering by Jonathan Lewis. Vocals by Onalea Gilbertson. Sax by Dan Meichel. Trumpet & Trombone by Craig Soby.
I don't believe any of these are OpenBSD developers, just fans.
-
Re:Still won't boot above 8 Gig- IDIOt
OpenBSD is a SERVER operating system. 99.99999% of the people using OpenBSD use OpenBSD as a SERVER
Rubbish.
The OpenBSD ports tree, while not as brimming with goodies as FreeBSDs, has loads of software for use on the desktop.
My desktop *NIX boxes at home and work are both OpenBSD with lots of decent software installed via ports. I hardly think that developers would bother making a port if only .00001% of the users would use it. In fact a number that low would be a partial user. Perhaps a finger or two. -
Re:Why I don't use openbsd.
He means you don't use it to do tons of things on one server.
Usually because you can't run it on large hardware (lack of SMP support).
Oh, you CAN of course, it's a solid bsd... but you smack into scaling problems on any kind of volume.
Really? Is that so? I know several large corporate users, Adobe Systems amongst them that would disagree with you.
As a firewall and a router, it is NOT as functional as Linux
Indeed. Filtering by MAC (unless you use it as a bridge, which is the only real place for MAC filtering), and filtering based on packet (unless you run a proxy, as the networking gods intended for higher-level functions such as content-based filtering.) It's been discussed before. I try to keep away from Linux/BSD comparison flamewars, but I will say that it does every function that several large companies want it to, or they wouldn't be using it.
and there are things it simply will not do that linux will.
<cheapshots>No, it won't get hacked within ten seconds (no exaggeration) of putting an unpatched install on the Net like Linux will. No, it won't crash on you because of some deadly library conflict or rpm chicken-and-egg hell. No, it won't be vulnerable to $BUFFER_EXPLOIT_OF_THE_HOUR like Linux.</cheapshots>
(Yeah, I'll get modded down to the depths of Hell for this. No, I'm not a BSD bigot. I configure Linux for people all the time. But arguing that it's worse for firewalls, a VERY security-based application, than Linux... sorry, that's just stupid.)
-
Re:PF Rules