Slashdot Mirror
OpenBSD 3.2 Available
fredrikv writes "Right on time, the files defining OpenBSD 3.2 have moved away from "snapshots" to the 3.2 directory of the OpenBSD mirrors. It is well known as the world's most secure operating system and now sports chroot'd Apache, fewer suid binaries, cool pictures for xdm-logins, a brilliant "antispoof" packet filtering rule and as usual includes lots of small updates and fixes. The files are there. What are you waiting for?"
Download the sources. Burn on a CD. There you go.
IF oyu want it bootable, that's also fairly easy to pull off as well. Just have it boot to the floppy image.
Otherwise, buy a CD.. we need the money.
ad 1.) In this interview with pf developer Daniel Hartmeier he talks a bit about performance.
-- clvrmnky
Depends on what you want to do. FreeBSD is better suited as a workstation or a high-performance server. OpenBSD does great for bastion-hosts and firewalls.
Short Answer:
.
OpenBSD has less 'nice' functionality, slightly less performance tuning, and no SMP support.
On the other hand it has an extremely well-audited source tree (by largely the same developers as OpenSSH), SoftUpdates, the new systrace work, an excellent brand new packetfilter that has yet to fail to impress from either a security or speed standpoint . .
OpenBSD isn't really so much the most secure OS in the world as it is in many situations the most secure OS on the x86. For most of us around here, that's probably close enough as makes no odds.
The last release (in a bug that affected the prior release as well) had an OpenSSH issue in the default installation that became the first remote compromise for the default installation in nearly 5 years of the operating system. Admittedly, most things are turned off by default (although I wish a few more - portmap, inetd). Because of this and a few other errata, 3.2 has been looked forward to for a long time.
To sum, you have a stripped-down no-nonsense OS with all of the unnecessary crap tossed out of the default installation and available as ports and packages to those that want it. The perfect OS for those who want a secure router, and/or single/few-function server. This isn't an appropriate choice if you need more than a commandline, really, and there's a fair amount of pride amongst the user community over that.
Depends who you talk to ;)
A good place to start is here, to find out what the intentions of the OBSD project are. Then check out the OpenBSD Journal to see what people do with it.
My two cents: OBSD really shines as a secure inet server. Things like httpd, sshd, firewalling, bridging, routing. People do use it as a desktop, but IMHO it is not as desktop-friendly as FreeBSD. *shrug* I run it basically headless, as does everyone I know.
Then again, a cutting-edge desktop system is not a primary concern of the OBSD project.
-- clvrmnky
Maybe not quite what you are looking for, but there is the infamous Linux Compatibility mode for OpenBSD (as well as FreeBSD and NetBSD) that will allow you to run many Linux applications. OpenBSD also supports the Ext2 file system (again, same with FreeBSD and most likely NetBSD).
Java 1.3 is not "production" ready on any BSD, AFAIK. I've looked into this quite a bit, and even ported an app to FreeBSD.
They have recently been blessed by Sun to provide a native version of the JDK (the previous versions ran in linux_compat mode), but it is not considered production-ready by the developers.
Our customer threw caution to the wind, and has been running our app for a year or so now on FreeBSD. So far, so good. We _did_ QA it. Sheesh.
OpenBSD Java support is still (again, AFAIK)) a tweakers domain. If you need official J2EE, go with Linux (or one of those "others").
-- clvrmnky
> What are you waiting for?
SMP Support.
ftp://ftp.openbsd.org/pub/OpenBSD/songs/song32.ogg (please use a mirror)
This time it's a Bond-movie theme, which matches the new logo.
-jfedor
Support the OpenBSD developers by getting a
3.2 CD $40 or for Europe EUR 45
The new new 3.2 poster is very nice too, get it for
$10 US or EUR 14 in Europe The European size is 70x100 cm
You'll need at least 32MB if you will install OpenBSD. Could be 16MB, but you'll have to turn swap on during install, as the Installation Guide will tell you.
Just be careful to read it, and you'll be running OpenBSD in less than 20 minutes.
Fernando Braga IT Manager Telemacro Sistemas e Serviços
Well, this is a hardship only because you want to dual-boot, I'm guessing. Otherwise, you just partition and mount so that / is on the first 8Gb slice.
There are third-party boot managers that do magic to allow booting to happen from almost anywhere, for almost any OS. I don't know if it works with OBSD or not.
I've only run OBSD stand-alone on headless edge boxes, so I've never worried my pretty little head about the 8Gb limit. I'm assuming most folks who pay for the CDs every 6 months or so feel the same way. Well, that and the stickers. The stickers rule.
-- clvrmnky
6 Months,
.1 to the release number.
Every 6 months there is an OpenBSD release.
Every time they add
It is a simple as that.
From the openbsd man pages:
pf.conf(5)
pfctl(8)
pf(4)
FreeBSD has softupdates too.
Admittedly, most things are turned off by default (although I wish a few more - portmap, inetd)
portmap is turned off by default in OpenBSD 3.2.
The perfect OS for those who want a secure router, and/or single/few-function server.
my OpenBSD workstation runs the same apps i need to work as my linux workstation does, and that is quite a few apps, yes i do real work.
This isn't an appropriate choice if you need more than a commandline, really,
X works fine in OpenBSD and i bet most users who use OpenBSD use X on OpenBSD desktops and commandline on *all* their Unix servers, regardless of flavour (why should a dedicated webserver/firewall/database need X running?).
... couldn't make it through the 'Lameness filter'.
Please go to http://deadly.org where they did make it through.
Todd Fries
Warning: OpenBSD camp follower talking!
/etc/nat.conf file! Time for a round of upgrades.
It has been over two years (since 2.7, actually) since OpenBSD sucked me in with its simplicity, security and *good* documentation.
In that time I have never started Xwindows on an OpenBSD machine. There is no need.
OpenBSD has been a solid firewall, router, bridge, MX, DNS server, NIS, NFS, Web, SSH/SCP/SFTP machine with nary a GUI to be seen.
With 3.2 they have finally done superb work with locking down services. This is even extended to services that are not on by default, such as apache. They have also gotten right of that annoying
But they don't weight the percentages by number of users.
"Most of the known software vulnerabilities announced in 2002 affected Microsoft Windows (44%) followed by Linux (19%), BSD (9%) and Sun Solaris (7%). By comparison only 0.5% of the vulnerabilities announced in 2002 affected SCO Unix, and 1.9% affected Mac OS and Compaq Tru64 systems respectively."
It might be that no one is noticing mac or BSD flaws beacuse many fewer people care. A straight line weighting doesn't make sense either. We should expect a diminishing marginal return on eyeballs. The point is that this overstates Linux and Windows bugs and understates the others(actually I don't know usage rates on Linux but I assume it is the third most used OS.)
Reality is that which refuses to go away when I stop believing in it. --Phillip K. Dick (remove SPAM to email)
VMS is architected such that overflowing data cannot be executed (i.e. doesn't get passed along to the shell). As far as the kernel level code itself is concerned, overflows don't occur in the first place due to the universal use of descriptors to pass data to system-level calls.
The complete OpenVMS doc set is available on the web from a link at http://www.openvms.compaq.com. There are also several good books on OpenVMS internals, with links to info on them available at the same place.
*** Quantum Mechanics: The Dreams of Which Stuff is Made ***
There's little reason for SMP in openbsd
/tmp race conditions are bad ? How about race conditions in the kernel ? How about the fact that not even Intel is consistent in their docs on how two x86 chips re-order operations and maintain cache coherence in some situations.
1) It makes security that much harder. Think
2) 99% of the software on openBSD is fork/exec anyway. You might as well use assymmetric multi-processing, or, better yet, buy 3 uni-proc boxes for the price of a dual proc box, and partition your load accordingly.
My opinions are my own, and do not necessarily represent those of my employer.
Well, I added printing (and data entry)
for arbitrary units (ie - m, g, k, b, c (cylinders)) to fdisk a while back, so
a calculator should not be necessary anymore.
just do a "p m" in fisk like you used to do in disklabel.
NetBSD is (as far as I know) the ONLY one of the BSDs that ships with NO open services in the default install.
Y'know how OpenBSD used to brag about "X years without a remote root exploit in the default install"? These days, it's NetBSD that carries the "longest since remote root in default" banner, and they'll continue to have it (though they're a bit to understated to brag about it) until OpenBSD turns off incoming SSH and RPC.
Think that's a silly argument? Check your nearest OpenBSD box. Is it running RPC? Does it need to be? Isn't "turn off unnecessary services" one of the fundamentals of securing a box?
Forward, retransmit, or republish anything I say here. Just don't misquote me.
microbsd.net
not quite OpenBSD, but it's a BSD that fits on a coupla floppys.
Try ClosedBSD, a FreeBSD based firewall. It rocks.