OpenBSD 3.2 Available

fredrikv writes "Right on time, the files defining OpenBSD 3.2 have moved away from "snapshots" to the 3.2 directory of the OpenBSD mirrors. It is well known as the world's most secure operating system and now sports chroot'd Apache, fewer suid binaries, cool pictures for xdm-logins, a brilliant "antispoof" packet filtering rule and as usual includes lots of small updates and fixes. The files are there. What are you waiting for?"

Re:Well, I'm waiting for a downloadable iso

[LordHunter317]

Download the sources. Burn on a CD. There you go.

IF oyu want it bootable, that's also fairly easy to pull off as well. Just have it boot to the floppy image.

Otherwise, buy a CD.. we need the money.

Re:FreeBSD

[c13v3rm0nk3y]

I've always been a fan of FreeBSD. How does OpenBSD compare?

Try this link. There are a bunch of FAQs, some of them directly compare *BSD, Linux &etc.

Re:FreeBSD

[CoolVibe]

Depends on what you want to do. FreeBSD is better suited as a workstation or a high-performance server. OpenBSD does great for bastion-hosts and firewalls.

Re:FreeBSD

[Ryvar]

Short Answer:
OpenBSD has less 'nice' functionality, slightly less performance tuning, and no SMP support.

On the other hand it has an extremely well-audited source tree (by largely the same developers as OpenSSH), SoftUpdates, the new systrace work, an excellent brand new packetfilter that has yet to fail to impress from either a security or speed standpoint . . .

OpenBSD isn't really so much the most secure OS in the world as it is in many situations the most secure OS on the x86. For most of us around here, that's probably close enough as makes no odds.

The last release (in a bug that affected the prior release as well) had an OpenSSH issue in the default installation that became the first remote compromise for the default installation in nearly 5 years of the operating system. Admittedly, most things are turned off by default (although I wish a few more - portmap, inetd). Because of this and a few other errata, 3.2 has been looked forward to for a long time.

To sum, you have a stripped-down no-nonsense OS with all of the unnecessary crap tossed out of the default installation and available as ports and packages to those that want it. The perfect OS for those who want a secure router, and/or single/few-function server. This isn't an appropriate choice if you need more than a commandline, really, and there's a fair amount of pride amongst the user community over that.

Re:*BSD

[c13v3rm0nk3y]

...is OpenBSD recommended as an internet server over all of the other distros?

Depends who you talk to ;)

A good place to start is here, to find out what the intentions of the OBSD project are. Then check out the OpenBSD Journal to see what people do with it.

My two cents: OBSD really shines as a secure inet server. Things like httpd, sshd, firewalling, bridging, routing. People do use it as a desktop, but IMHO it is not as desktop-friendly as FreeBSD. *shrug* I run it basically headless, as does everyone I know.

Then again, a cutting-edge desktop system is not a primary concern of the OBSD project.

Re:I'm waiting

[questionlp]

Maybe not quite what you are looking for, but there is the infamous Linux Compatibility mode for OpenBSD (as well as FreeBSD and NetBSD) that will allow you to run many Linux applications. OpenBSD also supports the Ext2 file system (again, same with FreeBSD and most likely NetBSD).

Re:*BSD

[c13v3rm0nk3y]

Java 1.3 is not "production" ready on any BSD, AFAIK. I've looked into this quite a bit, and even ported an app to FreeBSD.

They have recently been blessed by Sun to provide a native version of the JDK (the previous versions ran in linux_compat mode), but it is not considered production-ready by the developers.

Our customer threw caution to the wind, and has been running our app for a year or so now on FreeBSD. So far, so good. We _did_ QA it. Sheesh.

OpenBSD Java support is still (again, AFAIK)) a tweakers domain. If you need official J2EE, go with Linux (or one of those "others").

Re:Still won't boot above 8 Gig

[c13v3rm0nk3y]

Well, this is a hardship only because you want to dual-boot, I'm guessing. Otherwise, you just partition and mount so that / is on the first 8Gb slice.

There are third-party boot managers that do magic to allow booting to happen from almost anywhere, for almost any OS. I don't know if it works with OBSD or not.

I've only run OBSD stand-alone on headless edge boxes, so I've never worried my pretty little head about the 8Gb limit. I'm assuming most folks who pay for the CDs every 6 months or so feel the same way. Well, that and the stickers. The stickers rule.

The real Release notes:

[fries]

... couldn't make it through the 'Lameness filter'.

Please go to http://deadly.org where they did make it through.

Re:yes, we need SMP

[bmajik]

There's little reason for SMP in openbsd

1) It makes security that much harder. Think /tmp race conditions are bad ? How about race conditions in the kernel ? How about the fact that not even Intel is consistent in their docs on how two x86 chips re-order operations and maintain cache coherence in some situations.

2) 99% of the software on openBSD is fork/exec anyway. You might as well use assymmetric multi-processing, or, better yet, buy 3 uni-proc boxes for the price of a dual proc box, and partition your load accordingly.

Re:It's good, but not that good

[PapaZit]

NetBSD is (as far as I know) the ONLY one of the BSDs that ships with NO open services in the default install.

Y'know how OpenBSD used to brag about "X years without a remote root exploit in the default install"? These days, it's NetBSD that carries the "longest since remote root in default" banner, and they'll continue to have it (though they're a bit to understated to brag about it) until OpenBSD turns off incoming SSH and RPC.

Think that's a silly argument? Check your nearest OpenBSD box. Is it running RPC? Does it need to be? Isn't "turn off unnecessary services" one of the fundamentals of securing a box?