Slashdot Mirror


OpenBSD 3.2 Available

fredrikv writes "Right on time, the files defining OpenBSD 3.2 have moved away from "snapshots" to the 3.2 directory of the OpenBSD mirrors. It is well known as the world's most secure operating system and now sports chroot'd Apache, fewer suid binaries, cool pictures for xdm-logins, a brilliant "antispoof" packet filtering rule and as usual includes lots of small updates and fixes. The files are there. What are you waiting for?"

48 of 331 comments

  1. What Am I Waiting For? by Zech Harvey · · Score: 5, Funny

    Common Criteria certification so it can be just as secure as my Windows 2000 boxen!

    --
    Zech Harvey, MCSE, MCDBA, CCNA
    1. Re:What Am I Waiting For? by liquidsin · · Score: 4, Funny

      Well, it's only at version 3.2. I'm guessing version 3.3 would be like the third service pack of version 3, and it seems you can't get certified until SP3. I'm sure they'll get there soon enough.

      --
      do not read this line twice.
  2. Well .. by Mr_Silver · · Score: 5, Funny
    The files are there. What are you waiting for?

    5:30pm, 8 pints of lager, one dodgy kebab and a chance to yet again make a piss poor attempt to chat the attractive barmaid up.

    Well you did ask!

    --
    Avantslash - View Slashdot cleanly on your mobile phone.
    1. Re:Well .. by SirSlud · · Score: 5, Funny

      > to yet again make a piss poor attempt to chat the attractive barmaid up

      barmaids get slashdotted by drunk guys every night. i recommend you search your neighbourhood for a mirror so you can have all the bandwidth to yourself.

      --
      "Old man yells at systemd"
    2. Re:Well .. by $rtbl_this · · Score: 4, Funny

      ...i recommend you search your neighbourhood for a mirror...

      Surely this would only work if you were a hopeless narcissist.

      --
      "Are you being weird, or sarcastic?" said Emma. I said I didn't know because I get the two feelings mixed up.
  3. Re:Well, I'm waiting for a downloadable iso by LordHunter317 · · Score: 5, Informative

    Download the sources. Burn on a CD. There you go.

    If you want it bootable, that's also fairly easy to pull off. Just have it boot to the floppy image.

    Otherwise, buy a CD.. we need the money.

  4. Re:OpenBSD questions by Karamchand · · Score: 3, Informative

    ad 1.) In this interview with pf developer Daniel Hartmeier he talks a bit about performance.

  5. Re:Well, I'm waiting for a downloadable iso by Anonymous Coward · · Score: 3, Insightful

    you could probably find one that someone hand-rolled and put up for download, but you'd be a moron to trust it.

  6. Re:FreeBSD by c13v3rm0nk3y · · Score: 5, Informative
    I've always been a fan of FreeBSD. How does OpenBSD compare?
    Try this link. There are a bunch of FAQs, some of them directly compare *BSD, Linux &etc.
    --
    -- clvrmnky
  7. Re:FreeBSD by CoolVibe · · Score: 4, Informative

    Depends on what you want to do. FreeBSD is better suited as a workstation or a high-performance server. OpenBSD does great for bastion-hosts and firewalls.

  8. It's good, but not that good by ryanvm · · Score: 4, Insightful

    It is well known as the world's most secure operating system

    Whoa, partner. Sure OpenBSD is designed with security in mind, and as far as the BSDs go (which are generally pretty secure in their own right), it's probably the tightest. But it's quite a leap to say that OpenBSD is the most secure operating system in the entire world.

    I don't know which OS would get that "award". But I'd have to believe that it'd be something obscure like a tiny, embedded, OS the NSA uses in their crypto equipment or some such.

    1. Re:It's good, but not that good by LordHunter317 · · Score: 4, Insightful

      Bullcrap. We just had to put in a patch to cover a buffer overflow/memory leak issue in UCX For OpenVMS. We know it caused buffer overflow issues because we could bomb Sybase sending it large amounts of data. Now there may be no OS-level overflows, but your statement is just ludicrous. Our code is one walking buffer-overflow. Kernel != System, and just because the kernel is secure doesn't mean the system is.

      Otherwise, I tend to agree, but OpenVMS is a bi*ch to configure.

    2. Re:It's good, but not that good by glenmark · · Score: 3, Informative

      VMS is architected such that overflowing data cannot be executed (i.e. doesn't get passed along to the shell). As far as the kernel level code itself is concerned, overflows don't occur in the first place due to the universal use of descriptors to pass data to system-level calls.

      The complete OpenVMS doc set is available on the web from a link at http://www.openvms.compaq.com. There are also several good books on OpenVMS internals, with links to info on them available at the same place.

      --
      *** Quantum Mechanics: The Dreams of Which Stuff is Made ***
    3. Re:It's good, but not that good by octogen · · Score: 3, Insightful

      (Buffer overflow exploits? No such thing in VMS.)

      Ok, so you believe programs are absolutely immune to buffer overflow exploits on OpenVMS?

      Then I'll show you a simple example of a buffer overflow exploit on OpenVMS/Alpha.

      ---

      The victim program compares a user-supplied password with a password stored inside a file.

      I wasn't able to include the source code, because I always get errors like "Your comment has too few characters per line (currently 24.5)." if I do.
      Email me, if you'd like to get the complete source code, and I'll send it back to you.

      $ cc vmshackme.c;1

      strcpy(l_input, input); .^
      %CC-I-IMPLICITFUNC, In this statement, the identifier "strcpy" is implicitly declared as a function.
      at line number 66 in file $DKA100:[USERS.OCTOGEN]VMSHACKME.C;1

      if (strncmp(l_input, l_pass, _max_pwd_len) == 0) .....^
      %CC-I-IMPLICITFUNC, In this statement, the identifier "strncmp" is implicitly declared as a function.
      at line number 68 in file $DKA100:[USERS.OCTOGEN]VMSHACKME.C;1
      $ link vmshackme.obj;1
      $ type pass.pwd;1
      openvms
      $ run vmshackme
      openvms
      Password correct
      $ run vmshackme
      os400
      Wrong password, try again.
      $

      -----

      The program works, as you can see.

      Now I'll type in a bit too much:

      $ run vmshackme
      aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
      Pass word correct
      $

      -----

      What I'm exploiting here is nothing else than a simple example of a buffer overflow.

      Even if you can't execute arbitrary code (and I'm quite sure you can do that, too!), you can still damage data structures, data pointers, numeric values like buffer offsets and many other things - so there are a lot of possibilities left for exploiting a buffer overflow vulnerability.
      AS/400s have hardware protection for system pointers, so they are even more secure than OpenVMS. But even on AS/400s you can still damage space pointers, and I'm quite sure this example program would even work on an AS/400.
      It might not be possible to execute arbitrary code on an AS/400, but you can still damage many things by exploiting buffer overflows.

      ---

      regards,
      octogen

    4. Re:It's good, but not that good by PapaZit · · Score: 4, Informative

      NetBSD is (as far as I know) the ONLY one of the BSDs that ships with NO open services in the default install.

      Y'know how OpenBSD used to brag about "X years without a remote root exploit in the default install"? These days, it's NetBSD that carries the "longest since remote root in default" banner, and they'll continue to have it (though they're a bit too understated to brag about it) until OpenBSD turns off incoming SSH and RPC.

      Think that's a silly argument? Check your nearest OpenBSD box. Is it running RPC? Does it need to be? Isn't "turn off unnecessary services" one of the fundamentals of securing a box?

      --
      Forward, retransmit, or republish anything I say here. Just don't misquote me.
    5. Re:It's good, but not that good by octogen · · Score: 3, Insightful

      VMS is architected such that overflowing data cannot be executed

      The same is true for Solaris/SPARC, if you configure it correctly.

      You don't need to execute overflowing data, it can even be enough only to change a function pointer, and the program would run some code which was already there before the overflow occurred.

      This code would be executable, because it's simply a part of the running program or of a library used by the running program.

      Just changing some piece of data which gets passed to a system call can also be enough to break security.

      From a technical point of view, applications on OpenVMS are just as vulnerable to buffer overflow exploits as applications on Solaris/SPARC (with noexec_user_stack set to 1).

      On both OSs you can't execute overflowing data.

      But on both OSs you can (sometimes) circumvent this sort of protection.
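To make concrete why the session above printed "Password correct" for a run of a's, and why octogen's later point holds that corrupting data is enough without executing anything, here is an added C model of that program. It is not octogen's source (which was never posted), nor OpenVMS or OpenBSD code. It assumes both buffers are 16 bytes and sit back to back with l_input directly before l_pass; the page gives neither the real frame layout nor the value of _max_pwd_len, so those are assumptions. The unsafe copy is clamped to the model's frame so the demo itself stays memory-safe, but inside that frame it does exactly what the strcpy(l_input, input) in the compiler listing does: the input spills into the stored password, both buffers end up holding a's, and strncmp reports a match. No instruction pointer is touched and no injected code runs, which is why a non-executable stack does not help here. The hardened version beside it rejects anything that does not fit, copies with an explicit bound, and compares the two zero-padded buffers in constant time.

```c
#include <stdio.h>
#include <string.h>

/* Assumed limit for the model; the page never states _max_pwd_len. */
#define MAX_PWD_LEN 16

/* Model of the victim's stack frame: two fixed-size buffers laid out
 * back to back, l_input first and l_pass right after it.  The real
 * layout on OpenVMS/Alpha is not given on the page; this adjacency is
 * an assumption that reproduces the behaviour shown there. */
struct frame {
    char l_input[MAX_PWD_LEN];
    char l_pass[MAX_PWD_LEN];
};

/* Unsafe check following the strcpy/strncmp pattern in the listing.
 * Returns 1 when the password is accepted, 0 otherwise.  The copy is
 * clamped to the whole frame so this model cannot write outside it,
 * but within the frame it overruns l_input into l_pass just as the
 * original strcpy would. */
int vulnerable_check(const char *input, const char *stored)
{
    struct frame f;
    size_t n = strlen(input) + 1;            /* bytes strcpy would write */

    memset(&f, 0, sizeof f);
    strncpy(f.l_pass, stored, MAX_PWD_LEN - 1);  /* stands in for reading pass.pwd */
    if (n > sizeof f)
        n = sizeof f;                        /* clamp instead of smashing the stack */
    memcpy(&f, input, n);                    /* the strcpy(l_input, input) */

    return strncmp(f.l_input, f.l_pass, MAX_PWD_LEN) == 0;
}

/* Hardened check: overlong input is refused before any copy happens,
 * both buffers are zero-padded to a fixed size, and the comparison
 * covers the whole buffer in constant time. */
int safe_check(const char *input, const char *stored)
{
    char l_input[MAX_PWD_LEN];
    char l_pass[MAX_PWD_LEN];
    size_t in_len = strlen(input);
    size_t st_len = strlen(stored);
    unsigned char diff = 0;
    size_t i;

    if (in_len >= MAX_PWD_LEN || st_len >= MAX_PWD_LEN)
        return 0;                            /* does not fit: reject, never copy */
    memset(l_input, 0, sizeof l_input);
    memset(l_pass, 0, sizeof l_pass);
    memcpy(l_input, input, in_len);
    memcpy(l_pass, stored, st_len);

    for (i = 0; i < MAX_PWD_LEN; i++)        /* constant-time compare */
        diff |= (unsigned char)(l_input[i] ^ l_pass[i]);
    return diff == 0;
}

int main(void)
{
    /* Constructed inputs: the stored password from the page's pass.pwd
     * and a run of 33 a's, longer than the two assumed buffers together. */
    const char *stored = "openvms";
    const char *overlong = "aaaaaaaaaa" "aaaaaaaaaa" "aaaaaaaaaa" "aaa";

    printf("vulnerable, openvms:  %d\n", vulnerable_check("openvms", stored));
    printf("vulnerable, os400:    %d\n", vulnerable_check("os400", stored));
    printf("vulnerable, 33 x 'a': %d\n", vulnerable_check(overlong, stored));
    printf("hardened,   33 x 'a': %d\n", safe_check(overlong, stored));
    return 0;
}
```

The clamp in vulnerable_check is the only departure from the original pattern, and it exists so the model can be run safely; drop it and you have the real bug, where the write continues past l_pass into whatever the compiler placed above it. Note also that the fix is the length check, not the constant-time loop: the loop closes a separate timing leak but would not by itself stop the overrun.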

  9. I don't think so.... by Dr_DTHP · · Score: 5, Funny

    >[OpenBSD is] the world's most secure operating system

    Hear that sound? It's the VMS users (all 8 of them, currently, unless Fred's VAX killed his mains power again and he switched to OSX) choking on their lunches in laughter.

    1. Re:I don't think so.... by MAXOMENOS · · Score: 4, Funny

      What you don't hear is the thousands of OS/400 users quietly chuckling to themselves. "Kids..."

    2. Re:I don't think so.... by R.Caley · · Score: 4, Funny
      [OpenBSD is] the world's most secure operating system

      It's well known that MSDOS is the world's most secure operating system.

      No network access and so completely secure from remote break in, and if anyone breaks in from the console there is bugger all they can break and no one cares what they do anyway.

      Security by obsolescence.

      --
      _O_
      .|<
      The named which can be named is not the true named
  10. Re:FreeBSD by Ryvar · · Score: 5, Informative

    Short Answer:
    OpenBSD has less 'nice' functionality, slightly less performance tuning, and no SMP support.

    On the other hand it has an extremely well-audited source tree (by largely the same developers as OpenSSH), SoftUpdates, the new systrace work, an excellent brand new packetfilter that has yet to fail to impress from either a security or speed standpoint . . .

    OpenBSD isn't really so much the most secure OS in the world as it is in many situations the most secure OS on the x86. For most of us around here, that's probably close enough as makes no odds.

    The last release (in a bug that affected the prior release as well) had an OpenSSH issue in the default installation that became the first remote compromise for the default installation in nearly 5 years of the operating system. Admittedly, most things are turned off by default (although I wish a few more - portmap, inetd). Because of this and a few other errata, 3.2 has been looked forward to for a long time.

    To sum, you have a stripped-down no-nonsense OS with all of the unnecessary crap tossed out of the default installation and available as ports and packages to those that want it. The perfect OS for those who want a secure router, and/or single/few-function server. This isn't an appropriate choice if you need more than a commandline, really, and there's a fair amount of pride amongst the user community over that.

  11. Re:*BSD by c13v3rm0nk3y · · Score: 5, Informative
    ...is OpenBSD recommended as an internet server over all of the other distros?

    Depends who you talk to ;)

    A good place to start is here, to find out what the intentions of the OBSD project are. Then check out the OpenBSD Journal to see what people do with it.

    My two cents: OBSD really shines as a secure inet server. Things like httpd, sshd, firewalling, bridging, routing. People do use it as a desktop, but IMHO it is not as desktop-friendly as FreeBSD. *shrug* I run it basically headless, as does everyone I know.

    Then again, a cutting-edge desktop system is not a primary concern of the OBSD project.

    --
    -- clvrmnky
  12. Re:I'm waiting by questionlp · · Score: 4, Informative

    Maybe not quite what you are looking for, but there is the infamous Linux Compatibility mode for OpenBSD (as well as FreeBSD and NetBSD) that will allow you to run many Linux applications. OpenBSD also supports the Ext2 file system (again, same with FreeBSD and most likely NetBSD).

  13. Re:*BSD by c13v3rm0nk3y · · Score: 4, Informative

    Java 1.3 is not "production" ready on any BSD, AFAIK. I've looked into this quite a bit, and even ported an app to FreeBSD.

    They have recently been blessed by Sun to provide a native version of the JDK (the previous versions ran in linux_compat mode), but it is not considered production-ready by the developers.

    Our customer threw caution to the wind, and has been running our app for a year or so now on FreeBSD. So far, so good. We _did_ QA it. Sheesh.

    OpenBSD Java support is still (again, AFAIK) a tweaker's domain. If you need official J2EE, go with Linux (or one of those "others").

    --
    -- clvrmnky
  14. Re:what happened? by grub · · Score: 4, Insightful

    ..when the holes in OpenSSH and -SSL were found.

    The OpenBSD folks do make OpenSSH but not OpenSSL.

    --
    Trolling is a art,
  15. What are you waiting for? by Anonymous Coward · · Score: 3, Informative

    > What are you waiting for?

    SMP Support.

  16. Most Secure OS by SirGeek · · Score: 5, Interesting

    According to this article the most secure OSes were SCO Unix, Mac OS and Tru64.

    1. Re:Most Secure OS by Daleks · · Score: 3, Interesting

      This pattern is mirrored by the overt digital attack data collected for 2002, which demonstrates this has been the worst year on record with 57,977 attacks having already taken place. The most attacked operating system in 2002 has been Microsoft Windows with 31,431 attacks (54%) followed by Linux with 17,218 attacks (30%), BSD (6%) and Solaris (5%). Apple Mac's OS suffered only 31 overt digital attacks, ie, 0.05% of all attacks in 2002 although Apple Mac has roughly 3% of the world's computer market share. SCO Unix suffered 165 digital attacks (0.2%) and Compaq Tru64 suffered 10 attacks (0.02%).

      The above uses attacks per overall attacks as the rating for the OS. What should be done is OS specific attacks per installed machines running the particular OS.

      MA -- machine attacks
      TA -- total attacks
      MI -- machines installed
      TI -- total installed

      The article gives MA/TA, but we want MA/MI. MA/MI gives the vulnerability of a particular OS separated from the quantity of attacks. I don't know the total number of installed computers, but say it's 10,000,000. Then the MA/MI for Macs is:

      10,000,000 * 0.03 = 300,000
      31/300,000 = 0.000103

      So about 0.0103%. By contrast, look at the Windows numbers. Suppose Windows has 75% market share.

      10,000,000 * 0.75 = 7,500,000
      31,431/7,500,000 = 0.0041908

      So about 0.41908%. These numbers show what percentage of installed machines will be affected instead of what portion of all attacks they represent. Another way to think about it is say you have 1 machine running CrappyOS and that machine is attacked. It will only represent 1/57,978 hacks performed in 2002. By contrast MA/MI will be 100%, meaning that every single machine running CrappyOS was hacked.

      Numbers don't lie, people do.

  17. Re:what happened? by LordHunter317 · · Score: 4, Insightful

    The OpenSSL holes have nothing to do with OpenBSD, they are built by a separate team. 3rd party auditing of the source (which is what OpenBSD does for stuff it doesn't directly develop) won't find everything.

    The OpenSSH hole was to be expected, and was long past due. No software is perfect, this just proves it. Face the facts, it'll happen sooner or later.

    I don't see what you mean about gee-whiz hardware. Hardware support is still pretty far down on the list, and even my new system is about 80% supported at best. Security is still the critical issue, but the development team is human, and humans miss things.

    Flashy features? Again the same thing. The reason I use OpenBSD is because it isn't so darn flashy. That and it just runs.

    Path to shame? I think the 3.0 series has been the best yet, and the most innovative. I think it will continue to be too.

  18. Re:what happened? by c13v3rm0nk3y · · Score: 4, Insightful
    For a while there I wasn't sure they'd ever get another release out...

    This puzzled me. I've been running an OBSD router since 2.6 (and we've been running it at work since 2.8). The releases have been coming out pretty much every 6 months, haven't they?

    I upgrade about once a year, so I often skip releases, but I think they've only missed the release dates a few times, and only by a week or so.

    Bugs will be found, which (of course) is the point of the OBSD project. I just don't see any shame in that. Lots of organizations get compromised. The real test is how the organization reacts and recovers.

    *shrug* From my POV, the releases have been getting better and better. I can't imagine running anything else as an edge box.

    Of course, I may be wrong. Even openbsd.org runs Solaris!

    --
    -- clvrmnky
  19. And there's a new song, too by jfedor · · Score: 3, Informative

    ftp://ftp.openbsd.org/pub/OpenBSD/songs/song32.ogg (please use a mirror)

    This time it's a Bond-movie theme, which matches the new logo.

    -jfedor

  20. Official 3.2 CD and Poster available too by Anonymous Coward · · Score: 3, Informative
    As for the OpenBSD project, there are some nice 3.2 goodies you can order now.

    Support the OpenBSD developers by getting a
    3.2 CD: $40 or for Europe EUR 45

    The new 3.2 poster is very nice too, get it for
    $10 US or EUR 14 in Europe. The European size is 70x100 cm.

  21. Re:security by c13v3rm0nk3y · · Score: 5, Insightful

    It's pretty common to run a few releases back on important and complex daemons like BIND, or Sendmail.

    There is little value in going to BIND 8 or 9 if it has not been audited by the OBSD team first. BIND 4 is well understood and the faults, warts and bugs are well-known. BIND 8 is still new enough that it is considered an unknown.

    This is one of the downsides (if you consider it a downside) of trying to be "secure by design".

    Of course, OBSD is free, as in beer and as in speech. This means you can run a parallel box with BIND 8 or 9 (or whatever) yourself until you deem it safe. The responsibility is now yours to maintain security on that chunk of the OS, but everything is a trade-off, especially in host security.

    BIND 8/9 will eventually make it into a future release. 99% of us do not need it, however, and so having a well-known and secure BIND 4 implementation has more value for the rest of us.

    --
    -- clvrmnky
  22. Re:Still won't boot above 8 Gig by c13v3rm0nk3y · · Score: 5, Informative

    Well, this is a hardship only because you want to dual-boot, I'm guessing. Otherwise, you just partition and mount so that / is on the first 8 GB slice.

    There are third-party boot managers that do magic to allow booting to happen from almost anywhere, for almost any OS. I don't know if it works with OBSD or not.

    I've only run OBSD stand-alone on headless edge boxes, so I've never worried my pretty little head about the 8 GB limit. I'm assuming most folks who pay for the CDs every 6 months or so feel the same way. Well, that and the stickers. The stickers rule.

    --
    -- clvrmnky
  23. Re:New PF syntax info by cant_get_a_good_nick · · Score: 3, Informative

    From the openbsd man pages:
    pf.conf(5)
    pfctl(8)
    pf(4)

  24. yes, we need SMP by mainmain · · Score: 5, Insightful

    BSD is great, but it's just not going to make inroads into the server market without SMP. It's fine for us amateurs with racks at home and 384k upload at best, but for businesses that really need to crank it up, OpenBSD falls short.

    What's great about Open over Free (and most Linux distros) is simply that one can go from zero to installed, up and running in no time flat. The need to secure the OS is minimal (though as another said, why portmap and why inetd?), which also greatly reduces time to production. And no worries about all of those "extra" packages that one doesn't want installed that get installed whether you like it or not, and then having to find a way to yank them out.

    That said, yes, I pre-ordered my CDs.

    Jud.

    1. Re:yes, we need SMP by bmajik · · Score: 5, Informative

      There's little reason for SMP in openbsd

      1) It makes security that much harder. Think /tmp race conditions are bad ? How about race conditions in the kernel ? How about the fact that not even Intel is consistent in their docs on how two x86 chips re-order operations and maintain cache coherence in some situations.

      2) 99% of the software on openBSD is fork/exec anyway. You might as well use asymmetric multi-processing, or, better yet, buy 3 uni-proc boxes for the price of a dual proc box, and partition your load accordingly.

      --
      My opinions are my own, and do not necessarily represent those of my employer.
  25. OpenBSD based floppy firewall? by minipunk · · Score: 3, Interesting

    Anyone know if one exists? Please send URL!

    1. Re:OpenBSD based floppy firewall? by Transcendent · · Score: 3, Informative

      microbsd.net

      not quite OpenBSD, but it's a BSD that fits on a coupla floppies.

    2. Re:OpenBSD based floppy firewall? by Electrum · · Score: 3, Informative

      Try ClosedBSD, a FreeBSD based firewall. It rocks.

  26. The real Release notes: by fries · · Score: 5, Informative

    ... couldn't make it through the 'Lameness filter'.

    Please go to http://deadly.org where they did make it through.

    --
    Todd Fries .. todd@fries.net .. OpenBSD, because security matters!
  27. Please provide .iso's by dazdaz · · Score: 3, Interesting

    People always get annoyed with this, however we would like .iso's of OpenBSD. I believe the philosophy is flawed in that .iso's are not made available so people have to purchase the CDs, which helps fund the project. However this limits the distribution of OpenBSD. If anyone could download an .iso and become familiar with OpenBSD, the user base would be larger and therefore more people would purchase the official CDs.

    What do others think?

  28. if you have the bandwidth for isos you have it for by waspleg · · Score: 4, Insightful

    1.44 floppy net-based installs, which is what i usually use and i've been using openbsd since 2.5

    just because there are no "Official" iso's does not mean that they are not available from "Unofficial" sources; just look around, but you really should support the project if you can

    (the t-shirts/posters/stickers are all cool and the latter can only be found w/ the official cdrom distribution)

    my personal server (which is used primarily for NAT and personal ftp) has been running OpenBSD for years and it's certainly the most elegant and simply designed UNIX based system that I've ever used and is far more intuitive and secure than Linux (which i have also dealt with since '95 and presently have a debian desktop machine running under my desk so no flames please) by default.. anyway my $.02

    here is a link to the floppy internet based install instructions: http://www.openbsd.org/faq/faq4.html#Media

  29. Re:Same horrible fdisk and disklable process? by psxndc · · Score: 3, Insightful
    No offense man, but by the 10th time you should have figured out you can use "M" and specify megs for partition size. Accept the default locations on the disk and guesstimate in MB what you need for /, swap, /tmp, /var, /home, and use the rest for /usr. Each time you add a partition, it will place the start of it after the end of the last one. Easy as pie.

    Yes, the disk partitioning is the least intuitive part of the install, but it only took a complete newbie like myself a few times (3, maybe 4) to feel comfortable with it so I think you might have missed something in the documentation. I was using "Building Linux and OpenBSD Firewalls" at the time as well, but it's all there on the screen for you.

    psxndc

    --

    The emacs religion: to be saved, control excess.

  30. Re:Same horrible fdisk and disklable process? by be-fan · · Score: 3, Interesting

    It's also been overrun by newbie users who are trying to turn it into Windows. I'm not saying that new users are bad, and I think it's good that Linux has become successful, but I just wish that new Linux users would take some time to understand the culture attached to the OS before trying to change it. It's like they say, when in Rome, do as the Romans do. Instead, many people are just acting like so-called ugly Americans.

    --
    A deep unwavering belief is a sure sign you're missing something...
  31. Re:I DO think so.... by evilviper · · Score: 3, Interesting

    Well, keep laughing... Ever heard of chroot, privilege separation, and systrace?

    OpenBSD is what you make of it... If you set everything SUID it's certainly not going to be very secure, but you can secure an OpenBSD system extremely well if you want to do so.

    Stick that in your VMS pipe and smoke it!

    --
    Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
  32. Re:FreeBSD by CoolVibe · · Score: 3, Insightful
    Does OpenBSD have working DRI/DRM/GLX? Guess not. FreeBSD's works a treat. Also, performance on FreeBSD is snappier, there's SMP support, ELF binary format, sane dynamic linking. All stuff OpenBSD does not (yet) have.

    Nah, stick to FreeBSD for your desktop. OpenBSD might be secure and great for firewalls and bastion-hosts, but for a large multiple CPU server box, I'd rather use FreeBSD, Linux or Solaris.

  33. Re:Still won't boot above 8 Gig- IDIOt by grub · · Score: 3, Insightful

    OpenBSD is a SERVER operating system. 99.99999% of the people using OpenBSD use OpenBSD as a SERVER

    Rubbish.

    The OpenBSD ports tree, while not as brimming with goodies as FreeBSDs, has loads of software for use on the desktop.

    My desktop *NIX boxes at home and work are both OpenBSD with lots of decent software installed via ports. I hardly think that developers would bother making a port if only .00001% of the users would use it. In fact a number that low would be a partial user. Perhaps a finger or two.

    --
    Trolling is a art,
  34. Signed files? MD5s? by piranha(jpl) · · Score: 4, Interesting
    I appreciate OpenBSD a lot; I use it on one system at home, and plan to do two more OpenBSD installations. There are some really cool things, like systrace, that aren't available for Linux yet.

    That said, how can I trust that my copy of the "world's most secure operating system" hasn't been tampered with? OpenBSD does not sign their files with PGP, GnuPG, or OpenSSL (yes, the latter has been suggested on lists). OpenSSH does. Why can't OpenBSD?

    The ports tree, the kernel source, and the rest of the base source (ports.tar.gz, srcsys.tar.gz, and src.tar.gz) don't even have published MD5 hashes (but the architecture-specific binaries do). The source matters, because (aside from using potentially unstable snapshot binaries) you need the source to apply security patches as security issues are discovered.

    For an OS with such a focus on cryptography "because we can", I don't see it being used where it counts. (I've written to the misc list, and only received one response. I've filed a bug report and have received none.)