Slashdot Mirror

Well done OpenBSD!

Any of you who haven't already, give it a go and watch you don't get hooked :-)

Can't fight the Systemagic, Über tragic, Can't fight the Systemagic....

Just go to https://https.openbsd.org/cgi-bin/order for international orders or for European orders https://https.openbsd.org/cgi-bin/order.eu

The new artwork really ROCKS!

Just go to https://https.openbsd.org/cgi-bin/order for international orders or for European orders https://https.openbsd.org/cgi-bin/order.eu

The new artwork really ROCKS!

Just go to https://https.openbsd.org/cgi-bin/order for international orders or for European orders https://https.openbsd.org/cgi-bin/order.eu

The new artwork really ROCKS!

the much improved ports collection. Check the errata though, as some issues were found after the cd's went to press.

Not quite out yet, but watch this space.

~jeff

Not all OSS groups are like Debian. Maybe you should take a look at OpenBSD and it's history of on-time twice-a-year releases. I bet you will not find many commercial projects with better release histories than that.

In more way than one! Be sure to honor OpenSSH and the new OpenBSD 3.1 that is coming (I GOT MY TRACKING NUMBER from CanadaPOST ;P its coming!) by visiting the OPENBSD SONG PAGE. (MP3 and OGG files available!)

OpenBSD 3.1 Song lyrics (and 3.0 too) http://www.openbsd.org/lyrics.html

"Systemagic"
BSD fight buffer reign
Flowing blood in circuit vein
Quagmire, Hellfire, RAMhead Count
Puffy rip attacker out

Crackin' ze bathroom, Crackin' ze vault
Tale of the script, HEY! Secure by default

Can't fight the Systemagic
Über tragic
Can't fight the Systemagic

Sexty second, black cat struck
Breeding worm of crypto-suck
Hot rod box unt hunting wake
Vampire omellete, kitten cake

Crackin' ze boardroom, Crackin' ze vault
Rippin' ze bat, HEY! Secure by default

Chorus

Cybersluts vit undead guts
Transyl-viral coffin muck
Penguin lurking under bed
Puffy hoompa on your head

Crackin' ze bedroom, Crackin' ze vault
Crackin' ze whip, HEY! Secure by default
Crackin' ze bedroom, Crackin' ze vault
Crackin' ze whip, HEY! Secure by default

Chorus

This song is great, and its free!.

Produced & Directed by Ty Semaka and Ian Knox. Written, Arranged and Performed by Ty Semaka (vocals, lyrics), Ian Knox (bass, drum programming), and Sean Desmond (guitar).
Recorded & Mixed at Ruffmix Audio Productions (Calgary) by Kelly Mihalicz.
Mastered by Jonathan Lewis.

OpenBSD 3.1 CD2 track 2 is an uncompressed copy of this song.
MP3 version of song (3 minutes, 2.9MB)
ftp://ftp.openbsd.org/pub/OpenBSD/songs/song31.mp3
OGG version of song (3 minutes, 2.3MB)
ftp://ftp.openbsd.org/pub/OpenBSD/songs/song31.ogg

In more way than one! Be sure to honor OpenSSH and the new OpenBSD 3.1 that is coming (I GOT MY TRACKING NUMBER from CanadaPOST ;P its coming!) by visiting the OPENBSD SONG PAGE. (MP3 and OGG files available!)

OpenBSD 3.1 Song lyrics (and 3.0 too) http://www.openbsd.org/lyrics.html

"Systemagic"
BSD fight buffer reign
Flowing blood in circuit vein
Quagmire, Hellfire, RAMhead Count
Puffy rip attacker out

Crackin' ze bathroom, Crackin' ze vault
Tale of the script, HEY! Secure by default

Can't fight the Systemagic
Über tragic
Can't fight the Systemagic

Sexty second, black cat struck
Breeding worm of crypto-suck
Hot rod box unt hunting wake
Vampire omellete, kitten cake

Crackin' ze boardroom, Crackin' ze vault
Rippin' ze bat, HEY! Secure by default

Chorus

Cybersluts vit undead guts
Transyl-viral coffin muck
Penguin lurking under bed
Puffy hoompa on your head

Crackin' ze bedroom, Crackin' ze vault
Crackin' ze whip, HEY! Secure by default
Crackin' ze bedroom, Crackin' ze vault
Crackin' ze whip, HEY! Secure by default

Chorus

This song is great, and its free!.

Produced & Directed by Ty Semaka and Ian Knox. Written, Arranged and Performed by Ty Semaka (vocals, lyrics), Ian Knox (bass, drum programming), and Sean Desmond (guitar).
Recorded & Mixed at Ruffmix Audio Productions (Calgary) by Kelly Mihalicz.
Mastered by Jonathan Lewis.

OpenBSD 3.1 CD2 track 2 is an uncompressed copy of this song.
MP3 version of song (3 minutes, 2.9MB)
ftp://ftp.openbsd.org/pub/OpenBSD/songs/song31.mp3
OGG version of song (3 minutes, 2.3MB)
ftp://ftp.openbsd.org/pub/OpenBSD/songs/song31.ogg

In more way than one! Be sure to honor OpenSSH and the new OpenBSD 3.1 that is coming (I GOT MY TRACKING NUMBER from CanadaPOST ;P its coming!) by visiting the OPENBSD SONG PAGE. (MP3 and OGG files available!)

OpenBSD 3.1 Song lyrics (and 3.0 too) http://www.openbsd.org/lyrics.html

"Systemagic"
BSD fight buffer reign
Flowing blood in circuit vein
Quagmire, Hellfire, RAMhead Count
Puffy rip attacker out

Crackin' ze bathroom, Crackin' ze vault
Tale of the script, HEY! Secure by default

Can't fight the Systemagic
Über tragic
Can't fight the Systemagic

Sexty second, black cat struck
Breeding worm of crypto-suck
Hot rod box unt hunting wake
Vampire omellete, kitten cake

Crackin' ze boardroom, Crackin' ze vault
Rippin' ze bat, HEY! Secure by default

Chorus

Cybersluts vit undead guts
Transyl-viral coffin muck
Penguin lurking under bed
Puffy hoompa on your head

Crackin' ze bedroom, Crackin' ze vault
Crackin' ze whip, HEY! Secure by default
Crackin' ze bedroom, Crackin' ze vault
Crackin' ze whip, HEY! Secure by default

Chorus

This song is great, and its free!.

Produced & Directed by Ty Semaka and Ian Knox. Written, Arranged and Performed by Ty Semaka (vocals, lyrics), Ian Knox (bass, drum programming), and Sean Desmond (guitar).
Recorded & Mixed at Ruffmix Audio Productions (Calgary) by Kelly Mihalicz.
Mastered by Jonathan Lewis.

OpenBSD 3.1 CD2 track 2 is an uncompressed copy of this song.
MP3 version of song (3 minutes, 2.9MB)
ftp://ftp.openbsd.org/pub/OpenBSD/songs/song31.mp3
OGG version of song (3 minutes, 2.3MB)
ftp://ftp.openbsd.org/pub/OpenBSD/songs/song31.ogg

Its a good thing OpenBSD doesn't provide a good amount of detail about their protcols and API's. Otherwise, it might become vulnerable to crackers real quick.

We are running Zope 2.5.0, and it is rock solid. The performance is excellent and the utility is amazing. It allows a totally modular setup, content management is a breeze, and this is useful when there's no central administrator for all aspects of the site (Graphics, logic and content can all be managed seperately, totally securely, all through a web-based interface or via WebDAV or FTP).

The setup starts with an LVS server, connected to an OpenBSD firewall, backended by three ZEO servers running on FreeBSD 4.4, one DB server (PostgreSQL 7.1.2) running on FreeBSD 4.4, and one central webserver running Apache 1.3.22 on Slackware 8.0, with OpenSSL 0.9.6 and Mod_ssl, with web proxying through the ZServer to the Apache box via virtual hosts. (Proxy Pass Reverse in Apache).

This combination of Linux, FreeBSD, OpenBSD, Apache, Postgres, Zope, and various other open source software packages, has been rock solid and a box has only ever gone down for hardware upgrades (RAM, HDD, etc) and software updates (kernel updates, etc).

Overall, I recommend Zope 100%, but be aware that a lot will depend on your total setup, particularly if you have high-demand sites that you want to implement.

Theowould be happy to answer all your questions about linux, hell he will even burn a copy for you and send it to you if you really need help.

Or is this so complicated that only states and not criminal indivduals can use it?

Plain Old Computers (POCs) were like that for a long time too. No worries, though, we can always work on the cryptographic development up here in Canada. Maybe this quantum stuff can even be incorporated into OpenBSD

However only making it public by allowing it to run on lame machines also makes a bad reputation.

I uderstand your sentiments, but I'm starting not to care about what the Lexus-crowd thinks about Linux and free software.

Here's an amusing story:
We do competitive bids on services/projects, and one of our prospects decided to do some due diligence on one of our bids that contained OpenBSD. We'll he wasen't amused with the funny-looking pufferfish. Microsoft doesen't have pufferfish.

With a little education, I was able to show him that the funny little pufferfish, doesen't BSOD, and doesen't have hardly any security holes.

He now has the set of OpenBSD 2.9 stickers that you get when you order CDs from Theo et al.

Just give a little bit of education and thinks will work out fine. If not, then screw them. Laugh when they get rooted, send their money to bill, and put up with BSOD's.

Slackware forever. Honestly, what else would you trust when it absolutely positively has to be stable, secure, and easy


How about OpenBSD , moron?

Sheesh.. Clueless "Linux R00l3z" retards..

Found this over at the OpenBSD (Open to Bondage, Satanism and Domination) site:

Gave me a pretty good chuckle. Fortunately I think that server can stand to be slashdotted.

Its also not exactly hard to make bootable CDs. Theo copyrighted the layout and only forbad SELLING OpenBSD CDs. He never said you and your buds can't make their own and give away copies.

That's not quite right, according to what I was told by people on the OpenBSD team.

I bought a copy of OpenBSD 3.0 and a t-shirt (the one with the Blowfish code on the back) because I wanted to support the OpenBSD team. I got the order in the mail and tried it out. I was surprised to learn there were stickers and a song included in the deal. Theo de Raadt's claim of copyright on the CD layout threw me—I thought it was Free Software where people could share with their friends. I learned you had to copy the data in a certain way using "[n]ormal dump, tar, cp operations" according to Wim Vandeputte who patiently answered my questions about making a copy for my friends. According to Vandeputte, you aren't allowed to use dd to make an ISO (the preferred format for sharing CD images over a network) and the FAQ's the ISO portion say a similar thing (I asked de Raadt about my concerns but his answers weren't as clear as I had hoped). The hinge issue is not selling copies, it's distributing copies that duplicate the allegedly copyrighted layout (I'm still not sure if such a copyright is valid). This copyright isn't mentioned anywhere on the OpenBSD 3.0 documentation that came with my copy.

de Raadt's copyright only hinders people who are trying to help him and his project. I bought OpenBSD 3.0 and the Blowfish t-shirt (the one with the Blowfish code on the back) because I wanted to help the project. If I wanted to get a copy of the discs at no charge, I could have downloaded and burned the ISOs that are already out there. de Raadt doesn't need to cajole people into contributing to the project by claiming a copyright on the discs' layout and restricting duplication to force a different layout.

I ultimately decided I wasn't going to help someone make it harder for me to share with my friends. I'll avoid OpenBSD and recommend something else to everyone, like Debian GNU/Linux, which I'm currently using. I'll be happy to reassess OpenBSD should the situation change (including going back to OpenBSD and buying releases as I had planned), but sharing freely is important to me and my friends.

I understand that the OpenBSD project needs money to keep the project moving ahead and I'm happy to give OpenBSD money, but I'm not going to pay for hassle. Their FAQ says "If for some reason you want to download a CD image, try searching the mailing list archives for possible sources." so they know the images are out there and they know de Raadt's layout copyright isn't preventing anyone from illegally sharing images. It seems unwise to me to hinder people who pay for official copies. These people most likely pay because they are looking to help the project; they will continue to pay for the CDs if the CDs are fully legally copyable. These are not the people to aggravate. In the end, I decided I will give my money to other Free Software efforts that don't hassle me when it comes to sharing.

FreeBSD NetBSD OpenBSD OS X Have a nice day!

I may be wrong on this, but I thought OpenBSD counts as Open Source, and they're certainly doing a security audit of the source code.

With one notable exception, he might be correct.

When was the last time someone did a code review on the linux kernel? What's that? It's never happened?

Face it, with a few exceptions, the Open Source community is focused on creating a product, not on creating a secure product. It is this mentality that produces a lot of the products you use today, unfortunately, its the same mentality that causes a few dozen security holes to be discovered weekly.

Its not necessarily a bad thing, but the open source community, as a whole, doesnt do much in the way of code audits.

Not having SMP, he doesn't need SMP. If somebody needs SMP badly enough, then they can send SMP Sparcs and Alphas to Sweden They have plenty of work to do witout expending their meager resources on hardware that nobody seems to care much about yet WRT OpenBSD. I am sure that by the time NetBSD has SMP running, OpenBSD will be able to use the FreeBSD source to get their own multiproc flavor brewing. I don't imagine he's as wealthy as Torvalds or Jobs, so de Raadt should probably pinch his pennies.

Fine, they can do that, but when their boot partition gets corrupted by bad code, they'll be left wishing that they used something more reliable, like OpenBSD. Or even, and I say this reluctantly, the antiquated and arcane NetBSD. No one really needs these silly features, and they can only lead to system instability and security holes.

Thank you.

...to get a Mac. If you are too cheap, convert your x86 box to BSD because friends don't let friend use Linux. :P

Slashdot types want everything free as in beer, which doesn't encourage creation.

It doesn't? Why, I though this, this, and this were all free? Or do you mean they're not creative?

This is not a black/white issue, but rather a grey one. The shade of grey has yet to be determined, but both extremes are wrong. People won't stop being creative if they don't get paid, nor will people stop being creative if they do get paid. And consumers are also black/white. When Napster was at its peak, so were CD sales. Just because you get something for free doesn't mean you're not willing to pay for the same (or similar) thing. And I'd argue that a downloaded mp3 isn't the same thing as owning the CD for several reasons - one being quality.

And how many of you still *pay* for an email address when there are plenty of email addresses to be had for free?

Remove one of them. Apparently, Dan Bernstein switches from OpenBSD to FreeBSD. He observed, as can be seen on his cr.yp.to mainpage, a large number of OpenBSD crashes including following:

2002.02.26 ~17:30 GMT through ~19:30 GMT: OpenBSD network stack crash. The load was not heavy (about 20 web downloads per second from slashdot, plus a few mail deliveries per second) and presumably would have been handled without trouble by the FreeBSD network stack.

Looks like as if OpenBSD was /.-ed.

I was intent on using my HP NetServer (with four Xeons) as an SMP OpenBSD machine. Unfortunately, Theo and co. haven't yet implemented any support (officially, at least) for SMP.

An SMP mailing list, CVS branch, and information page do exist, though. :)

Talk about hook, line and sinker! The mere mention of 'OpenBSD running on qaud processor systems' should have set alarm bells off in your little head.

As an OpenBSD user, I am well aware that it does not support more than one processor. Ooh you have been so trolled. Priceless.

Knuth: "Wait, wait - I never said that."

Heh. I think you actually meant Dan Bernstein, or perhaps Theo deRaadt, both of whom are legendary for their humility...

*nix is even worse as far as security than w2k....

A few Linux distributions may have a few security holes now and then - but other *nix's don't. Check out OpenBSD.org if you want true security that MS Windows can only deam of.

good quality programs for windows, which are easier to install

Now that's not true. Most unix and linux distribitions have easy to use programes that will fetch, configure and install software for you automatically.

With FreeBSD to install Mozilla:
type 'whereis mozilla'
the computer will respond with a directory - change into that directory and type 'make install.' Wait for a few moments and your done.

With Windows to install Mozilla:
Use your browser to go to Mizilla.org
Find the donwload section and choose.
Download and palce the file somewhere.
Execute it.
Ansewer a bunch of installer questions.
Next-Next-Next-Finish.

As you can see. Some (if not most) Unix systems are easier to install software on than Windows. You could do the same for KOffice in FreeBSD - and I won't go into detail on the difficulty of installing MS Office on MS Windows - in Windows you even have to reboot!

It is being sponsored by DARPA.

Cool stuff. They built it with security in mind and it runs under:
Linux, OpenBSD, FreeBSD and Solaris.

Other useful links:

http://linux-anus.sourceforge.net/
and

http://www.openbsd.org/Ports/amigapee/.

I've been holding off grabbing any of the release
candiates hoping the zlib, OpenSSH and other
recent security fixes would be incorporated.

I can't find mention of these updates for 8.2 on
the Mandrake announcement site, or forums.

Anyone know if zlib and the gang have been fixed?

My query about this on the Mdk forums was
immediately marked as "-1: Offtopic" suggesting
to me the fixes are not there. :/

You got cracked whilst running ssh? How?

I'm guessing that you didn't notice that ssh was found vulnerable to an off-by-one compromise recently, and that a new version is out. Check out the advisory on it, and get the latest version while you're there.

The solution to security flaws like this is not running in runlevel0 - it is diligance and administration. Subscribe to bugtraq (here, and keep an eye on what's coming out. Do an occasional nmap scan against yourself. *Know* what ports are open, don't wait to be surpised. ssh is by no means "stupid". Neither are you. Not keeping up to date on what's out there, however, is.

I suggest you switch to BSD instead and become a Certified Gay BSD Engineer. You even get a cool badge!

; )

I purchased OpenBSD from 2.5 to 2.8, until I suddenly became too poor to pay 50 Aussie bucks for the official CD's and found out how easy it is to make my own bootable OpenBSD CD's for just what I need...

If you want x86, then just download it from the OpenBSD ftp site.

wget -r ftp://ftp.openbsd.org/pub/OpenBSD/3.0/i386/ Makes it easy.

Once thats done...

cd ftp.openbsd.org/pub/OpenBSD,

then...

mkisofs -v -r -l -L -T -J -V "OpenBSD-3.0" -A "OpenBSD v3.0-Release, Custom ISO, 17-03-2002." -b 3.0/i386/cdrom30.fs -c boot.catalog -o openbsd-i386-3.0.iso -x openbsd-i386-3.0.iso .

Burn that ISO!

Now though, I'm no longer terribly poor and want more than just x86 (I want x86, Sparc64 and Alpha), so I'll be buying lots more official CD sets and T-Shirts.

; )

I purchased OpenBSD from 2.5 to 2.8, until I suddenly became too poor to pay 50 Aussie bucks for the official CD's and found out how easy it is to make my own bootable OpenBSD CD's for just what I need...

If you want x86, then just download it from the OpenBSD ftp site.

wget -r ftp://ftp.openbsd.org/pub/OpenBSD/3.0/i386/ Makes it easy.

Once thats done...

cd ftp.openbsd.org/pub/OpenBSD,

then...

mkisofs -v -r -l -L -T -J -V "OpenBSD-3.0" -A "OpenBSD v3.0-Release, Custom ISO, 17-03-2002." -b 3.0/i386/cdrom30.fs -c boot.catalog -o openbsd-i386-3.0.iso -x openbsd-i386-3.0.iso .

Burn that ISO!

Now though, I'm no longer terribly poor and want more than just x86 (I want x86, Sparc64 and Alpha), so I'll be buying lots more official CD sets and T-Shirts.

I see Mandrake as a fantastic Linux distro. I commonly recommend it above Red Hat and even above the otherwise really great (but more effortful to install) Debian. Definitely, it's what I suggest to my Windows colleagues for a taste of Linux.

Anyways, that's what's kind of ironic about their plea for a subscription-based Member Club. Their perfect niche is Linux newbies, but those newbies probably won't grok the concept of why they should subscribe monthly for their OS. (In fact, it tends to be the Linux crowd shouting at them to NOT buy into evil subscription models that are coming down the pipe by Microsoft.) And those of us that "get" it and recognize how important Mandrake could be are likely "move on" to other distros like Debian (for their social contract)), or maybe even dip into something like OpenBSD (for its priorities on security and robustness). Anyways, as I'm skipping around installing different distros for different purposes, it's hard for me to buy into a Membership for just one. Sigh.

Mandrake, your excellent installer has probably got you unfairly pigeonholed!

If the strength of Linux is closing the barn doors after the horses have ran amok, I think I'll investigate BSD, where they, you know, actively audit the code.

Yes, if security is your main concern, one should consider OpenBSD. And their creating of OpenSSH is a great service towards the entire open source (heck - IT / infosec) community. But lets not use it in a lame attempt at a flame war.

more proof that linux is developed by children and childish adults, while real OSs are Developed by professionals.

its been said hundreds of times: linux is for children who hate microsoft, bsd is for people who love unix.

You can do quite a lot with a default install of OpenBSD. A default install does not have all services turned off - for example, SSH runs by default. The idea is, however, that you should have a pretty good idea what services you're adding, and be careful to ensure you do so securely - generally this is a much better idea than starting with a system whose services were enabled by default and then attempting to secure neccessary ones and disable unneccessary ones...

Four days without a remote hole in the default install!

Not sure if OpenSSH is enabled by default though.

• OpenBSD
• MacOnLinux which lets you run Mac OS on top of Linux
• Darwin which lets you run the X server and related programs
• Windows if you have to via emulation (which is also very fast.

NetBSD is not completly on new grounds here [they already had PowerPC and VME code]. For the kind of application these machine runs, having a free OS alternative will be more usefull to companies than having something using a restrictive licence like Linux and Darwin.

Your misconception is why you have "suffered" all of this. A compiler can be used to get root, with the right exploit, e.g. a kernel race condition. If I somehow worked out how to get a non-root process to run something it compiled for me (some exploit), I can elevate my privileges if the kernel has the right kind of bug. These things do happen, for example, this one.

"dustmite" was correct, a firewall does not need, and should never have, a compiler.

emBSD based firewalls are built on OpenBSD. Right now there is a 1.x line of emBSD which is built on OpenBSD 2.9, and there is a 2.0 emBSD beta which is built on OpenBSD 3. It is built to be a hard core firewall/router running from 32 megs of flash memory. I'm running LRP on a few systems (some floppy, some from IDE based solid state disks). I plan to migrate my LRP systems to emBSD 2.0 when it comes out of beta.

What? A free packaged firewall. This I think fits that question like a glove.

Four years without a remote hole in the default install!

The OpenBSD project produces a FREE, multi-platform 4.4BSD-based UNIX-like operating system. Our efforts emphasize portability, standardization, correctness, proactive security and integrated cryptography. OpenBSD supports binary emulation of most programs from SVR4 (Solaris), FreeBSD, Linux, BSD/OS, SunOS and HP-UX.

OpenBSD is freely available from our FTP sites, and also available in an inexpensive 3-CD set. The current release is OpenBSD 3.0 which started shipping December 1, 2001. The CDs (and Shirts) can be ordered...

OpenBSD contains OpenSSH, which supports SSH1 and SSH2!

OpenBSD is developed by volunteers. The project funds development and releases by selling CDs and T-shirts, as well as receiving donations. Organizations and individuals donate and thus ensure that OpenBSD will continue to exist, and will remain free for everyone to use and reuse as they see fit.

Having a central Windows machine and thin clients for each of the users was a horrendous mistake. Whole labs spent as much time non-functional as they spent functional. Even having users change their passwords was problematic. Now, this was a few years back now and things may have improved. However, the only way I'd consider this is if the company you are buying the hardware from will guarantee uptime. This should be at least 99.9% uptime (and yes, this includes security patches and hardware failures), otherwise you are going to get crucified.

On the other hand, the computing science department also maintains several labs running OpenBSD for the client operating system. A student can log in to any computer in any lab because the /home directories are exported (over NFS, I think, but I could be wrong) from central file servers. The default software is installed locally so things can run very quickly but a large amount of additional software is also installed on central file servers and exported out to all the machines.

That setup is not bulletproof but the uptime is measured in weeks or months rather than hours or days. Depending on the year, it probably approaches 99.9% uptime. It also has the nice advantage of almost all of the software being entirely free.

So which should you go with? From my experience (ymmv), the clearly superior technical solution is to run OpenBSD on a large number of semi-thin client Intel machines. This is far more reliable than a competing Windows solution. From a cost perspective, there's really no comparison. That said, this assumes that you can migrate over to a Unix style environment. Not everyone can. Do not forget that you'd be throwing out all your Windows software using this solution. Also, you require sysadmins who are familiar with Unix. I assume this is the case.