Domain: openbsd.org
Stories and comments across the archive that link to openbsd.org.
Comments · 2,959
-
Re:Late News: Linus forbids Finnish mirrors!
No, there just aren't any Finnish mirrors because nobody from Finland has bothered to do anything about that. Check ftp.html if you'd like to fix that.
-
Re:OpenBSD CD image?
Get a clue. You need to download files from one. As an example, ftp://ftp.openbsd.org/pub/OpenBSD/2.8/i386/ contains less than 95Mb of data. Why would you rather download ~600Mb?!
-
Re:The 2.8 Blowfish
I kind of like this new artwork, kind of hope it ends up on a poster or sticker or something.
-
Re:New Ports! Yay!
Unfortunately, I find its ports selection somewhat lacking
Feedback as to what is lacking is always appreciated...
Remember that OpenBSD provides enhancements to the other BSD's ports systems in the form of FLAVORS (which allow multiple options per port, for example in the case of PHP, you can select php-mysql-imap), and FAKE, which installs the port into a separate directory for packaging, instead of directly in the filesystem.
Right now, I'm tinkering away at a curses (visual) interface to the whole tree, that will allow advanced searching and browsing, instead of just through the command-line interface.
If it's just volume of packages that you find is bad, then please feel free to read bsd.port.mk and help the team out! Simply port your favourite application up and post it to ports@openbsd.org
-
Re:Hardware support for new Macs, but will it inst
The PowerPC boot support is from Open Firmware. You enter open firmware and issue a command something like this:
boot cd:,ofwboot /2.8/powerpc/bsd.rd
and you're dropped into a text-terminal with all the usual OpenBSD console messages. The console messages appear to be quite slow even on fast machines but the OS itself is quite fast. The only word of warning is that for X to work, you'll need to set the screen to operate at 1024x768 or 800x600.
The set of documentation for contents that I submitted just prior to the cd being pressed is at:
http://www.openbsd.org/cgi-bin/cvsweb/src/distrib/notes/powerpc/contents?rev=1.23
The full INSTALL.powerpc file can be viewed here:
http://the.wiretapped.net/security/operating-systems/openbsd/2.8/powerpc/INSTALL.powerpc
I was last working with a snapshot from about 3 weeks ago, so I'll load up the release version in a little while and see how it goes...
One final thing - FTP install works great, so if you're on a fast connection, I can recommend it. Currently supported drivers in 2.8 release are the gm0 onboard controller in iMac, Blue G3, G4, Cube etc and de0 (DEC Tulip 21x40). The only gotcha is that last time I checked, the gm0 in the dual processor G4's would not operate on 10baseT or 1000BaseT - only 100BaseT Half Duplex or 100BaseT Full Duplex. Dale @ OpenBSD has been looking into it.
Grant
(who couldn't be bothered getting an account let alone signing in)
-
Re:New Ports! Yay!
Oh really ? I don't think they look at ports all that closely. LOOK at the 2.6 errata. Look at RZSZ snooping. I can't believe they actually looked at the source for this and let it get by!
-
Re:Hardware support for new Macs, but will it inst
According to this, the CD is powerpc bootable. Built binary support isn't so great, but you can have fun building your own. I'm thinking of installing this on an iMac...should be an interesting experiment.
-----
#cd /
-
Probably Better Ways to Play With BSD
I'm afraid I just don't see why there is such a flurry of discussion to the effect that OS-X will somehow "vitalize" the usage and understanding of the BSDs. From what I hear, MacOS-X represents a "pretty light" variation on BSD, combined with a horde of MacOS-oriented graphical tools.
As such, it decidedly won't come with the hordes of CLI and console tools you'd expect to see in the typical NetBSD / FreeBSD / OpenBSD installation.
I would think it a whole lot more economical, and likely more of a "Unix-oriented" learning experience, to head to CheapBytes and order CD sets for all three of the "free" BSD variations for IA-32, perhaps along with some of the O'Reilly BSD documentation. That'll cost a whole lot less than a G3 PowerMac, nay, that, including a wall-full of documentation, might well cost less than merely getting the MacOS-X license.
-
Re:Stupid Question: Non-OSX BSD For Mac?
If you have a newer (read: iMac or G4 series) PowerPC Mac, you can run OpenBSD/powerpc. For any other PPC system, try NetBSD/macppc. If you're running a 680x0 version Mac, see OpenBSD/mac68k or NetBSD/Mac68k. To compare with a linux distro for mac, try Yellow Dog Linux, Linuxppc.org, mlinux, or Linux/m68k. I believe Debian runs on macs, too.
Personally, my experience with linux was not so great (I used redhate 5.2 and 6.0 neither of which was very stable or powerful) so I would recommend BSD which is both (not to mention secure as all hell if your machine supports OpenBSD). Perhaps I will give Linux another go when I get another box to put it on. Honestly, it doesn't really matter, as long as you are committed to using a free Unix-like OS and are willing to put in the time to learn the OS, pretty much any BSD or linux will do. Just find what agrees with you most and what is best for your tasks.
-----
-
Try NetBSD or OpenBSD
OpenBSD for Mac68K
NetBSD for Mac68K
I can't vouch for either of these on PPC. I use Linux on those boxes.
-
There's a lot of them
You can donate to many worthy projects:
-
Many organizations
-
Re:So many BSD's...
Personally I don't think *BSD can be compared to a distribution of Linux. I think of Linux as a police force and *BSD as the FBI. *BSD is more stable, more professional, more rock hard kick ass. I picture Linux to be more slick, stable, personal and cool. There are three main BSDs, FreeBSD, NetBSD, and OpenBSD. As far as I know, FreeBSD seems to be focused on stability, and being robust. OpenBSD is focused on security. NetBSD seems to be focused on being a server and running on many platforms.
-
Re:Europe.
Just out of interest, why do you write "fsck" instead of...
It's a unix thing: fsck - filesystem consistency check and interactive repair
Links if it was a serious question...
-
Google?
Solbourne Shack - first result searching Google for Solbourne.
The relevant snipping :
What about Other Operating Systems?
Issues
There's some issues that need to be addressed.
KBus
Obviously, this is ground-level work.
KAP Processor
The IDT's KAP processor is a derivative processor that has a lot of Mask Level bug workarounds in OS/MP.
Linux
No Support that i know of. You can obtain more information from the S/Linux FAQ
OpenBSD
No Support that i know of. You can obtain more information from the OpenBSD SPARC support list
The OpenBSD changes page lists KBus work as being added, but i see nothing else.
OpenBSD 2.2 released (Dec 4, 1997) Addition of 'kbus' port for the Solbourne Series5 sparc-based machines.
-
Bastille Linux vs. OpenBSD
I don't subscribe to the notion that these are in opposition to one another. That OpenBSD is not always the answer is very true. But all good things have their purposes. In fact, I use them both in my segmented, handy-man-special, home network:
OpenBSD for Mac68K (all these were bought for a pittance on eBay):
2 Quadra 700s: transparent firewall (ipf) and 3-legged NAT (ipnat)
Quadra 610: mail server (qmail)
Centris 610 (w/68040): dns server (djbdns)
LinuxPPC: (Bastille'd by using the Sparc trick on the FAQ)
2 7300s: apache and MySQL (soon to be PostgreSQL?)
9500/G3: mol / streaming with videod, icecast (Better choices are welcome.)
Pismo PowerBook: dual boot
I haven't had as many years using Linux (only 2) as you have. And aside from that my computer experience amounts to a few mid-'80s semesters of VAXen and the entire life of the Mac platform -- and around 4 months of NetBSD and OpenBSD. But I have to say it (adding BSD to the mix) hasn't been that hard at all. There are many similarities with Linux. Much of your current knowledge will transfer. For anyone who has learned guitar and then tried bass, or ukulele, you've experienced this before.
But I still hope they get OS X (my future home?) right. Must ... have ... all.
-
(OT)Fixed link to BSD install instructions
AC botched the link to goatse.cx. Here's a working link to the OpenBSD install instructions.
-
hmm...
-
Re:Laptops: Good or Evil?
2. it must prevent swapping to disk - because otherwise, you can encrypt all you like, but the data is still fairly easy to recover.
You don't need to prevent swapping to disk. For example OpenBSD2.7 supports encrypting swap space.
Encrypting swap (or filesystem) should be possible also in Linux (see Encryption HOWTO) and Windows (see e.g. SafeGuard Easy).
-
Re:Whose guidelines?
"the DFSG and its derivative the OSD are the generally-accepted definition of Open Source"
Tell that to the folks over at OpenBSD. I'm sure they will disagree right after showing you the source to their software.
-
BSD choices
The Safe Bet: Qmail + mutt + OpenSSH + OpenBSD (+ djbdns if you want DIY DNS service). It would be hard to find a more reliable, secure setup. Not the absolute friendliest, but solid as a rock.
Relevant URLs:
Dan Bernstein's page. Home of Qmail and djbdns.
The OpenBSD and OpenSSH home pages are full of useful information.
PuTTY, a free Windows SSH client Great for on road trips, internet cafe's, consulting, etc.
Mutt, the One True mail client. Takes some getting used to, a good .muttrc doesn't hurt either.
People seem to overlook qmail when setting up a reliable, secure system. Having dealt with Sendmail and Qmail, I would suggest the latter to anyone who cares about security or performance. The same logic applies to BIND vs. djbdns.
-
Expansion on the DIY approach
If you're going to take the DIY approach, you should either be an experienced UNIX admin, or get yourself up to speed as fast as you can. The Aileen Frisch book Essential UNIX Administration (or Essential System Administration) is a good place to start. For running a mail server, also check out sendmail.org and Claus Assman's useful site on configuring sendmail.
I had similar paranoid security concerns, so I set up OpenBSD. It was a fairly painless install, provided you read the directions. I set up sendmail, UW-IMAP, IMP, and access it via secure http. UW-IMAP has some serious security concerns, but it's much easier to compile than Cyrus, my preferred IMAP server.
If you're new to UNIX admin though, try looking at FreeBSD. This is hands down the simplest UNIX installation I have ever done. It was almost as simple as starting the installation, walking away, and coming back when it was done. It also doesn't hurt that FreeBSD has excellent network performance.
TinyEgo
-
Re:DHCP? What a laugh
I've been on RoadRunner for almost 2 years. I don't think I've had more than 5 IP addresses in that time. About 2 months ago my RedHat 6.2 firewall was getting crashed about every other day. I could see a ton of ftp attempts getting blocked, so I assumed someone published the wrong IP for their warez/mp3z server. I thought I would try to change my IP. The only way I could do it was to swap out the ethernet card and get a new MAC address. I suppose I could have left it shut down for a day or two, but didn't have the time.
Then I moved to OpenBSD and haven't had a crash since. Well, that's not exactly true. I did have one, but once I taped over the power button on that machine, my 1-year old can't pull that trick again.
There is no way I would run my Win2000 or NT4 Server boxes without a firewall. I've got a two-page list of what I need to do to attempt to secure an NT4 or Win2000 web server.
-
Re:not to be a bitch...
That's all true, of course, but if you look at the main OpenBSD page [ link ] then you'll notice the "Three years without a remote hole in the default install!" quote. Now, if you're using OpenBSD as a firewall you're not going with the default install, but this claim is a lot stronger than any other OS out there today.
-
Re:not to be a bitch...
Doesn't matter what OS you run, if it's misconfigured, it's not going to be secure. Look here if you think it is 100% secure. I know you were probably making a bit of a joke when you posted, but I still think it's worth mentioning that no OS is secure unless you maintain and keep it up to date.
-
not to be a bitch...
but this would be a good time to mention
OpenBSD
-
Have Your Cake and Eat it Too
Well, if what you want is heavy duty commitment to encryption, security of your computers' data AND swap space, IPSEC -- and what was that other project? F(ree)/SWAN? -- yet you want Linux binary compatibility and throw in it that it must be Free Software, at least as secure as Linux, more so actually, and offers full IPv6 support now to boot, then consider OpenBSD.
It's a UNIX and it's a descendant of the BSD code, which means that it offers a very mature networking code base.
--
Me pican las bolas, man!
Thanks
-
Re:He should play up the comparisons to Microsoft
First: RedHat's target market is made of the non-geek users who don't know how to recompile a kernel or install a different version of GCC. These are the users that need to be lured away from Microsoft; <troll> All geeks use Debian, FreeBSD or OpenBSD anyway. </troll>
Given this, let's compare:
Microsoft asserts its market share by bundling products that users have no (easy) way to remove, and by using proprietary technology to give their own products an edge. (hidden APIs, for example)
RedHat asserts its market share by bundling products that users have no (easy) way to remove (much easier than Microsoft, but see the first paragraph above), and by using complicated open-source technology to give their own distribution an edge. (C++ binaries that are not compiled with GCC 2.96 won't link against the C++ library supplied with RedHat due to C++ name mangling; the user must either get a statically linked version (which isn't usually provided), compile from source (which they don't know how), or stick with RedHat's products).
There's a big difference between "it can be done" and "it will be done"; it's called barrier to entry.
-
Re:I know Microsoft, and Bob Young is no Bill G
So, unless Red Hat starts donating to the GOP and George W Bush, I don't think they've turned that corner yet.
Granted on one level, but did you have a junior administrator "update" a server with 7.0 and then wonder why the mail wasn't being delivered? Then discover the Microsoftish rhn daemon spanking you with file descriptors galore because they have an incompetent coder in the fold. Sounds like MSFT and RHAT are equivocal in some respects: the ones that matter.
-
Re: Fixed Release Dates
What ever happened to releasing software when it was ready. Is Debian the only distribution that does this?
The alternative approach is to keep your software in a constant state of near readiness, so you can easily meet any release dates you care to set. OpenBSD does this. Although I wouldn't do it for a server, I consistently run my workstation at the current state of the CVS tree, and encounter hardly any problems. The OpenBSD team can comfortably commit to releases every 6 months, and meet those dates.
Of course, the OpenBSD team isn't hellbent on prying money out of the hands of consumers.
--
-
Security through Obscurity
I think in general when bugs are first found, there should be a small window of time given to the developers to fix the bug. There is no need to publish a bug only to let every script kiddy out there crack your box. 45 days is pushing it way too far. Sure it's good that CERT is going to release more information, but I think that a more realistic set of time is three days. I think I read somewhere in which someone from OpenBSD stated that most security bugs can be fixed within an hour if the bug is known. Three days would be plenty of time. I know that some open-source zealots might think that all bugs should be reported immediately, but in truth this should only be the case when it is a true community project such as the linux kernel. Just because something is put under the GPL, does not mean that it doesn't have a main set of centralized developers.
-
Re:It is sad, but true.
Well, if you used OpenBSD, you wouldn't have to worry about things like that. For example, it has an encrypted swap space, using Blowfish 128bit encryption.
Good point, but since May 27, 2000, OpenBSD uses Rijndael to encrypt the swap file, for faster key setup. (yet another example of "That was fixed 5 months ago")
--
-
Re:It is sad, but true.
every other OS doesn't want that functionality in the software
but then my swap area isn't encrypted
Well, if you used OpenBSD, you wouldn't have to worry about things like that. For example, it has an encrypted swap space, using Blowfish 128bit encryption. Open Source software is likely to come out far ahead on this front, since they are uninhibited by things like slow response time to requests for software features. If there are enough people who want a feature, they just code it right into the OS themselves.
-
Let alone...
... OpenbSd
<O
( \
XPlay Tetris On Drugs!
-
Re:Is it a surprise?
Exactly how is NetBSD any more secure than Linux, except for the fact that it includes less?
If they were concerned about security, they'd run OpenBSD, which runs just as well on the MIPS architecture.
--
-
Re:you failed to *change* the password?
Too much of linux and opensource have this idea that boxes should be "locked down" and "hardened" after installation. Really smart people say that, but it's totally wrong. Boxes should start out without known ways of getting in. Any access should be "opened" or "unlocked" or even "softened" if that's what you want to say.
Exactly the philosophy behind OpenBSD. I like this quote from the ChangeLog:
019: SECURITY FIX: July 5, 2000
Just like pretty much all the other unix ftp daemons on the planet, ftpd had a remote root hole in it. Luckily, ftpd was not enabled by default. The problem exists if anonymous ftp is enabled.
Now that is what proactive security is all about.
-
Re:Battle bots at a whole new level
Well, an OpenBSD powered robot would r00t a Linux box any time.
You're talking about software anyway. It might be a fun challenge to write a bot that uses AI to interpret nmap results, find vulnerable daemons, then have it try to "h4x0r" other systems and learn how to break them -- it would automatically write scripts for the kiddi3z, too!
--
-
Re:Remember the AMDROCKS attack? (Bind 8.2.1)
OpenBSD runs it as user 'named' by default...
-
hemos is a newbie to bsd stories
If it's a BSD story, it should have the daemon icon. If it's an Apple story, don't use the BSD color scheme. I guess Hemos doesn't realize how this works, since Nik Dickintheass usually posts the BSD stories.
Everyone already knows that Darwin works on x86. And everyone also knows that this has absolutely no impact on Apple's business plan, and does not mean that OS X will run x86. It's also irrelevant because there are several BSD-based systems which are much more worthy of x86 PC users' time.
Let's run through more facts that everyone should know. This has nothing to do with GNU/Linux or the GPL. It does not mean that Photoshop will work on FreeBSD. It doesn't mean that the Free Unix community will see an outpouring of money, code, or other support from Apple. All it means is that Apple decided to, for once, release a real operating system. They lack the talent to do so, as should be evident from MacOS 1 through 9. They found an excellent codebase, which, due to the wonderful BSD license, is essentially free (as in both pro bono and libre) for them to plunder however they wish. So they take twenty years of the best operating systems code ever written and, um, "embrace and extend" it with the GUI that Jobs brought with him from NeXT. Very "innovative". They then release this code, which allows Mac lusers to run Photoshop without crashing, and allows them to get very rich with very little work.
Years of hard work and research from many real computer professionals associated with several projects across the country and around the world go to buy Mr. Jobs another few houses (hice?) and cars. Yay.
(And this, my friends, is flamebait. I love Fridays.)
---------///----------
All generalizations are false.
-
Re:One example of a website without Java.
True enough. Hey, if you're interested in running secure sites, or even just interested in computer security in general, check out OpenBSD. It was designed to be secure from the ground up...
-
Re:Why don't you just use an OpenBSD firewall
export restrictions make it tough to get OpenBSD if you're in the US (Which is why they are based in Canada)
Sorry, but you got that bit wrong. The fact that Theo distributes out of Canada makes it easy for the entire world to get OpenBSD. The only problem with exports is shipping encryption code out of the US. Although, it seems to me that some of those restrictions have recently been weakened. Not sure about that last bit though.
Try it yourself. Order up a copy from the website. If you live in the States or Canada you should have your very own copy in about a week. No hassles involved :)
-
Re:But what do you do?
Use snprintf(3), or the other "n" variants. Like snprintf(buf, sizeof(buf)-1, format, ...). The -1 isn't needed, but it makes me feel better (whoever implements the libc function might not have read the spec close enough).
Or even better use OPENBSD's slprintf, or other n variants since there is a bug in some of the standard definitions of the "n" string functions. see strlcpy and strlcat -- consistent, safe, string copy and concatenation on their site.
-
Re:RSA BSAFE software?
Is ssh or apache ssl based on the RSA algorithm or the BSAFE software?
Oh, and ssh is based on RSA algorithms, tho' it also has Blowfish available. To get around the licensing restrictions around RSA, the OpenBSD guys have you download OpenSSL first and build ssh by linking to the OpenSSL crypto shlibs .... The newer version of ssh (Version 2) doesn't use RSA crypto, BTW.
Check out the OpenBSD crypto pages
-
Yeah, call everyone stupid...
instead of fixing the problem.
It's really kind of rank how everyone who considers him/herself a *n?x geek blames everyone's security problems on stupidity. So because I didn't spend a year or two reading Linux manuals and experimenting before hooking up to the Internet, *I* am to be blamed for the fact that 90% of the default *n?x installs are full of gaping holes? That's like a car manufacturer blaming the consumer for not knowing his car leaked gasoline, thus fixing it before he drove it anywhere. "What do you mean you didn't know it was leaking, stupid? It's not our problem it blew up! Everyone knows that cars leak gas and have to be fixed before use! Sheesh. Idiot."
Knowledge should be used responsibly. When you hand out an insecure product to a mass of people that you *know* aren't going to understand how to secure it, that's just inexcusably irresponsible. The more you say, "Those stupid users, it's all their fault!!" the more you blind yourself to the fact that the real problem is at the source, and security problems like this will just continue. Until the people who hand out the software decide to take responsibility and secure their products *before* they get to the user, things will only get worse. Expecting each user to not only become a *n?x expert, but to be one before receiving the software, is simply unfeasible.
Or, to put it another way, it's just plain stupid.
MSFT burned its way into the history books with operating systems so full of holes that today they have to be protected from approximately 47,000 different viruses (at least that's what Norton Antivirus tells me, I take it with a grain of salt). Why the free software community seems to be bent on replacing them as the newest totally insecure product, is beyond me. They seem to be doing a damn good job of it though. If they followed an OpenBSD-like philosophy, we'd have a lot fewer problems.
=============================================
-
Re:Licensing
I also wonder what packaging systems it will be based off of; will it be like RPM with lots of functionality but confusing or absent categorization (my RPM databases always turned into one package per category because I'd install mandrake or SuSE packages on top of RedHat), or will it be like .deb with a simpler style?
There is already a package system. It is something like Red Hat, but there are no categorizations (at least in the OpenBSD version; I really only have some experience with it). You can check out the (in no particular order) OpenBSD man pages and port info, the FreeBSD port section of the FreeBSD handbook, and the NetBSD pkgsrc info. Reading those pages should give you more information about BSD ports/packages.
-- Floyd
-
Untrue...remember, as the article points out, that nothing is automagically secure.
OpenBSD - Three years without a remote hole in the default install.
-
Re:One nice thing...
of open source is, that it is marked as "stable" when and only when it is really stable (and not when marketing has decided to ship the product), and yet you can still have your bleeding edge program when you like it.
Oh really? Open source does not guarantee that any particular release is stable, nor that packagers take precautions against unethically releasing software that is unstable, insecure, and difficult to make stable or secure.
Open source does guarantee that bugs will be found rather than left concealed, and that they can be fixed straightforwardly. It doesn't in any sense keep them from being made or released in the first place.
The fact of the matter is that some open-source and free-software projects have a vastly better track record in terms of stability (which includes security) than some others.