openbsd.org · Domains · Slashdot Mirror

Re:"BSD" Copyright by JonMaddogHall · 2018-12-02 06:58 · Score: 1 · on RISC-V and Linux Foundations Partner to Promote Open Source CPU (techrepublic.com)

"BSD", as some idiot quoted it, is NOT a "License", it's a *Copyright*. There is a huge difference there. Get it right.

The BSD style Copyright is now best represented by, and deployed as, the following...

https://www.openbsd.org/policy.html https://cvsweb.openbsd.org/src... https://www.freebsd.org/copyri...

With additional discussion here... http://landley.net/toybox/lice... https://urchin.earth.li/~twic/...

You should also know that the next major release of FreeBSD 12.0 will be out in 1.5 weeks :-) You can liveboot the RC3 sampler from USB today.

Copyright is a legal concept emblazoned in the United States Constitution and in many other countries around the world. To make a lot of legal stuff as simple as possible, it means "if you write the code, you own it and have the right to say what happens to it". Since you are the owner, you now have to do something to allow usage by someone else. That "something" is the license. BSD is a license, not a copyright. BSD always was more permissive than most other licenses, and over the years it removed the few requirements that it had, until now the "0BSD" license is almost indistinguishable from "Public Domain" software. However, it is best to put a license somewhere in your code stream, just to let the people who want to use your code that they can and under what circumstances.

Re:Anyone switch from Linux to BSD? by mangastudent · 2018-10-19 23:19 · Score: 1 · on OpenBSD 6.4 Released (openbsd.org)

So the same as any Linux distro, but with OpenBSD I just boot bsd.rd, I choose upgrade, and then pkg_add -Ui. Done.

Well, going by the 6.3->6.4 upgrade, which I just did a trial run of, you may have to fiddle with a few config files, and do some minor tweaking like deleting an obsolete daemon and its user and group, but it's quite straightforward if you have basic command line system administration skills.

Re:Anyone switch from Linux to BSD? by mangastudent · 2018-10-19 05:26 · Score: 1 · on OpenBSD 6.4 Released (openbsd.org)

I misunderstood your comment to mean you need to do a full reinstall from scratch, meaning configuration and setup. That is not the case.

I'm just now seriously starting my move from Linux to OpenBSD, and just did a trial 6.3->6.4 upgrade of a vanilla only one package installed scratch 6.3 installation. It does look like the process reinstalls all? the standard binary etc. system files, but as you say, the configuration, disk setup, etc. remains the same.

Here's the upgrade guide BTW. It's all manual, but easy for people with sysadmin experience. Replace the bsd.rd ramdisk kernel (for AMD64 it's tiny at 9.6MiB, although I suppose that means it's missing a lot of device drivers Linux and Windows have), tweak config files where syntax or semantics have changed, remove obsolete stuff, boot from that new ramdisk kernel, follow the easy prompts, fix up any mistakes you made in updating the config files (there's a tool to help with that), update your non-base system packages, and you're essentially done.

Not quite for this release, e.g. it turns off Intel Hyperthreading by default, and my OpenBSD scratch system is using a cheap 1 core 2 Hyperthreads Celeron CPU, so I need to turn that back on to test its SMP, and if I was using a sound input, I'd have to carefully turn that back on, it's now disabled by default for the obvious reasons.

So far I'm quite pleased, it's sane like the V7, BSD2.x and 4.x systems I used in the 1980s, but I haven't put it to serious use yet.

Re:Anyone switch from Linux to BSD? by grub · 2018-10-19 01:52 · Score: 2 · on OpenBSD 6.4 Released (openbsd.org)

"with OpenBSD, you must reinstall the whole system at least once a year, if you want to keep it secure"

Nonsense. There is an upgrade option when you boot from the ISO or ISO image. Here how you upgrade from 6.3 -> 6.4. I have gone this route for years and it has never failed me. Just be sure to check what it is suggesting and watch the diffs.

Re:No Code of Conduct yet? by lloy0076 · 2018-10-18 23:37 · Score: 1 · on OpenBSD 6.4 Released (openbsd.org)

But they DO have release songs (although only up to 6.1):

https://www.openbsd.org/lyrics...

Track records matter. by emil · 2018-06-20 03:12 · Score: 5, Insightful · on OpenBSD Disables Intel CPU Hyper-Threading Due To Security Concerns (bleepingcomputer.com)

The current release of OpenBSD, version 6.3, has issued a total of 10 patches against base since release on April 15th. Four of these are security-related, and six are reliability bug fixes.

Oracle / Red Hat Linux in that time has issued 50 security-related patches, and hundreds more that are classed as bug fixes or enhancements.

Linux is strong because it scales up and down very well, it exploits CPU features for speed to make applications run very fast, it is friendly to new features, and it has the most market share in the POSIX realm. Linux is weak because it has sacrificed security for speed in many cases, and we have Dirty Cow, Towelroot, and many similar problems in userspace - this makes Linux a bad choice for systems that will not receive patches (i.e. phones, IoT devices, embedded systems, etc.).

OpenBSD prioritizes security over speed and flexibility. It does not implement fine-grained SMP due to security concerns, and has a "big kernel lock" that Linux left behind in 2.2. It ignores many well-known standards (i.e. NFSv4). There are many things that you cannot do on OpenBSD, but what you can do is magnitudes safer than Linux.

Android politely stole OpenBSD's entire libc implementation (and then ignored it for several years), and IIRC the OpenBSD code is the largest contribution outside of the kernel itself.

OpenBSD is also the home of OpenSSH, which itself is quite secure.

I trust the opinions of the OpenBSD kernel architects, and I will look forward to their patch.

Re:Opt-In? by Anonymous Coward · 2018-06-20 02:21 · Score: 0 · on OpenBSD Disables Intel CPU Hyper-Threading Due To Security Concerns (bleepingcomputer.com)

By using OpenBSD you have already opted in to using the most secure code possible, even at a performance cost. They say:

OpenBSD believes in strong security. Our aspiration is to be NUMBER ONE in the industry for security (if we are not already there). Our open software development model permits us to take a more uncompromising view towards increased security than most vendors are able to. We can make changes the vendors would not make. Also, since OpenBSD is exported with cryptography, we are able to take cryptographic approaches towards fixing security problems.

where does it say what you said it says?

Re:Opt-In? by Chrisq · 2018-06-20 01:48 · Score: 1 · on OpenBSD Disables Intel CPU Hyper-Threading Due To Security Concerns (bleepingcomputer.com)

By using OpenBSD you have already opted in to using the most secure code possible, even at a performance cost. They say:

OpenBSD believes in strong security. Our aspiration is to be NUMBER ONE in the industry for security (if we are not already there). Our open software development model permits us to take a more uncompromising view towards increased security than most vendors are able to. We can make changes the vendors would not make. Also, since OpenBSD is exported with cryptography, we are able to take cryptographic approaches towards fixing security problems.

Re:Opt-In? by Humbubba · 2018-06-19 19:29 · Score: 5, Insightful · on OpenBSD Disables Intel CPU Hyper-Threading Due To Security Concerns (bleepingcomputer.com)

thegarbz says

Given the class of Spectre and Meltdown attacks rely on someone else having the freedom to execute code on your hardware, shouldn't something like this be opt-in? There's a whole world of servers out that where Spectre is ultimately completely irrelevant in terms of a security threat, but hyperthreading is definitely not irrelevant in terms of performance.

I can't do any better than quote OpenBSD on this:

OpenBSD believes in strong security. Our aspiration is to be NUMBER ONE in the industry for security (if we are not already there). Our open software development model permits us to take a more uncompromising view towards increased security than most vendors are able to. We can make changes the vendors would not make.

https://www.openbsd.org/security.html

Re:Nothing stops Root from resetting append by eneville · 2018-06-11 07:37 · Score: 1 · on China Hacked a Navy Contractor and Secured a Trove of Highly Sensitive Data on Submarine Warfare (washingtonpost.com)

Nothing stops Root from resetting append access only (I do it in the program I noted to Mr. Stoll himself during the File Open (as append, reset etc.)/Read-Write/Flush-Close cycle either really IF you think about it...

Same goes for diverting where the print goes. Difference is though, if both are attacked, you have some chance of grepping the logs, grepping print output takes a much longer as eyeballs don't work as fast. This assumes you can do something with it afterwards. On a laser, I'm not sure, but if you close the print fd file, I think it ejects the page. On line printers, this isn't as much an issue. If there is a large (page) buffer, then I think there's some chance that the lpd could be -9'd thus nothing gets written. Obvious when the admin gets in, but was damage done in the meanwhile? To be honest, I'm more bothered about dormant intrusions, those that are immediately obvious are less of a problem as you can deal with those.

My hints were towards https://man.openbsd.org/OpenBS...

I'd have more confidence in that than other methods. Granted you have to reboot to rotate, but it seems a fairly good compromise and has a lower carbon foot print than the paper method. There may also be times when the log buffer fills waiting for the printer to warm up and some connections may time out, though I've never checked this, would be mighty annoying if you cannot ssh to quiet machine because the log write hasn't returned.

Small nit, but by 93+Escort+Wagon · 2018-04-02 08:16 · Score: 4, Informative · on OpenBSD 6.3 Released (marc.info)

Why does the submission link to someone’s “congratulations” email response instead of the original email announcement... or the web posting about the release itself?

https://www.openbsd.org/63.htm...

SPARC by emil · 2018-03-06 04:10 · Score: 1 · on Chrome On Windows Ditches Microsoft's Compiler, Now Uses Clang (arstechnica.com)

Google ought to pour a LOT of love into a SPARC port. The best-situated would be OpenBSD.

Why, you ask? For the same reason that Microsoft's original target for the NT kernel was MIPS, and x86 was specifically secondary - oddball architectures will force you to clean up your code.

OpenBSD is also vicious in showing you your use-after-free mistakes since malloc() uses mmap() instead of sbrk() on their platform.

The other architectures that OpenBSD supports have benefited because some kinds of bugs are exposed more often by the 64-bit big endian nature of UltraSPARC.

OpenBSD has said this for years by nuckfuts · 2017-11-20 07:45 · Score: 2 · on Security Problems Are Primarily Just Bugs, Linus Torvalds Says (iu.edu)

OpenBSD has promoted this belief for years. The description of their audit process states...

"Another facet of our security auditing process is its proactiveness. In most cases we have found that the determination of exploitability is not an issue. During our ongoing auditing process we find many bugs, and endeavor to fix them even though exploitability is not proven. We fix the bug, and we move on to find other bugs to fix. We have fixed many simple and obvious careless programming errors in code and only months later discovered that the problems were in fact exploitable. (Or, more likely someone on BUGTRAQ would report that other operating systems were vulnerable to a `newly discovered problem', and then it would be discovered that OpenBSD had been fixed in a previous release). In other cases we have been saved from full exploitability of complex step-by-step attacks because we had fixed one of the intermediate steps."

Re:"the code is perpetually scrutinized" by donaldm · 2017-11-14 13:30 · Score: 1 · on Pentagon To Make a Big Push Toward Open-Source Software Next Year (theverge.com)

You might want to look at Open BSD. Much of what they have done has been adopted by lesser OSS projects.

Have you looked at the OpenBSD license?

From the URL "OpenBSD strives to provide code that can be freely used, copied, modified, and distributed by anyone and for any purpose. This maintains the spirit of the original Berkeley Software Distribution."

Very altruistic but does not have much control over what can be done with said software and do you honestly think some users are going to play fair?

Yes and no. by emil · 2017-10-26 08:19 · Score: 1 · on Equifax Was Warned (vice.com)

Over any period, the number of Linux kernel flaws will absolutely dwarf the number of flaws patched in the OpenBSD kernel.

There are consequences when choosing popularity over correctness.

Re:Debian? by Anonymous Coward · 2017-10-19 05:19 · Score: 0 · on Ubuntu 17.10 Artful Aardvark Released

You missed my point or else I wrote poorly. Theo and crew don't like using GPL'd software for a number of reasons, least of all the license. The OpenBSD devs likely write the best wifi drivers out there and they do this with very little cooperation from the vendors. OpenBSD has consistently said they will not use GPL'd bits.

The following snippet is taken from the "Getting Started with OpenBSD Device Driver Development"
Getting Started with OpenBSD Device Driver Development

Licensing

Follow the project’s copyright policy:

http://www.openbsd.org/policy.html

New code should be ISC-licensed /usr/share/misc/license.template

Honour the rights of authors
Many authors do not want their code copied into OpenBSD
This includes GPL and other incompatible open source licences