Slashdot Mirror

← Back to Stories (view on slashdot.org)

OpenBSD 3.2 Available

Posted by michael on from the daemon-goodness dept.

fredrikv writes "Right on time, the files defining OpenBSD 3.2 have moved away from "snapshots" to the 3.2 directory of the OpenBSD mirrors. It is well known as the world's most secure operating system and now sports chroot'd Apache, fewer suid binaries, cool pictures for xdm-logins, a brilliant "antispoof" packet filtering rule and as usual includes lots of small updates and fixes. The files are there. What are you waiting for?"

14 of 331 comments (clear)

  1. What Am I Waiting For? by Zech+Harvey · · Score: 5, Funny

    Common Criteria certification so it can be just as secure as my Windows 2000 boxen!

    --
    Zech Harvey, MCSE, MCDBA, CCNA
  2. Well .. by Mr_Silver · · Score: 5, Funny
    The the files are there. What are you waiting for?

    5:30pm, 8 pints of lager, one dodgy kebab and a chance to yet again make a piss poor attempt to chat the attractive barmaid up.

    Well you did ask!

    --
    Avantslash - View Slashdot cleanly on your mobile phone.
    1. Re:Well .. by SirSlud · · Score: 5, Funny

      > to yet again make a piss poor attempt to chat the attractive barmaid up

      barmaids get slashdotted by drunk guys every night. i recommend you search your neighbourhood for a mirror so you can have all the bandwidth to yourself.

      --
      "Old man yells at systemd"
  3. Re:Well, I'm waiting for a downloadable iso by LordHunter317 · · Score: 5, Informative

    Download the sources. Burn on a CD. There you go.

    IF oyu want it bootable, that's also fairly easy to pull off as well. Just have it boot to the floppy image.

    Otherwise, buy a CD.. we need the money.

  4. Re:FreeBSD by c13v3rm0nk3y · · Score: 5, Informative
    I've always been a fan of FreeBSD. How does OpenBSD compare?
    Try this link. There are a bunch of FAQs, some of them directly compare *BSD, Linux &etc.
    --
    -- clvrmnky
  5. I don't think so.... by Dr_DTHP · · Score: 5, Funny

    >[OpenBSD is] the world's most secure operating system

    Hear that sound? It's the VMS users (all 8 of them, currently, unless Fred's VAX killed his mains power again and he switched to OSX) choking on their lunches in laughter.

  6. Re:FreeBSD by Ryvar · · Score: 5, Informative

    Short Answer:
    OpenBSD has less 'nice' functionality, slightly less performance tuning, and no SMP support.

    On the other hand it has an extremely well-audited source tree (by largely the same developers as OpenSSH), SoftUpdates, the new systrace work, an excellent brand new packetfilter that has yet to fail to impress from either a security or speed standpoint . . .

    OpenBSD isn't really so much the most secure OS in the world as it is in many situations the most secure OS on the x86. For most of us around here, that's probably close enough as makes no odds.

    The last release (in a bug that affected the prior release as well) had an OpenSSH issue in the default installation that became the first remote compromise for the default installation in nearly 5 years of the operating system. Admittedly, most things are turned off by default (although I wish a few more - portmap, inetd). Because of this and a few other errata, 3.2 has been looked forward to for a long time.

    To sum, you have a stripped-down no-nonsense OS with all of the unnecessary crap tossed out of the default installation and available as ports and packages to those that want it. The perfect OS for those who want a secure router, and/or single/few-function server. This isn't an appropriate choice if you need more than a commandline, really, and there's a fair amount of pride amongst the user community over that.

  7. Re:*BSD by c13v3rm0nk3y · · Score: 5, Informative
    ...is OpenBSD recommended as an internet server over all of the other distros?

    Depends who you talk to ;)

    A good place to start is here, to find out what the intentions of the OBSD project are. Then check out the OpenBSD Journal to see what people do with it.

    My two cents: OBSD really shines as a secure inet server. Things like httpd, sshd, firewalling, bridging, routing. People do use it as a desktop, but IMHO it is not as desktop-friendly as FreeBSD. *shrug* I run it basically headless, as does everyone I know.

    Then again, a cutting-edge desktop system is not a primary concern of the OBSD project.

    --
    -- clvrmnky
  8. Most Secure OS by SirGeek · · Score: 5, Interesting

    According to this article the most secure OS were SCO Unix, Mac OS and Tru 64.

    --
    UPS Sucks
  9. Re:security by c13v3rm0nk3y · · Score: 5, Insightful

    It's pretty common to run a few releases back on important and complex daemons like BIND, or Sendmail.

    There is little value in going to BIND 8 or 9 if it has not been audited by the OBSD team first. BIND 4 is well understood and the faults, warts and bugs are well-known. BIND 8 is still new enough that it is considered an unknown.

    This is one of the downsides (if you consider it a downsid) of trying to be "secure by design".

    Of course, OBSD is free, as in beer and as in speech. This means you can run a parallel box with BIND 8 or 9 (or whatever) yourelf until you deem it safe. The responsibility is now yours to maintain security on that chunk of the OS, but everything is a trade-off, especially in host security.

    BIND 8/9 will eventually make it into a future release. 99% of us do not need it, however, and so having a well-known and secure BIND 4 implementation has more value for the rest of us.

    --
    -- clvrmnky
  10. Re:Still won't boot above 8 Gig by c13v3rm0nk3y · · Score: 5, Informative

    Well, this is a hardship only because you want to dual-boot, I'm guessing. Otherwise, you just partition and mount so that / is on the first 8Gb slice.

    There are third-party boot managers that do magic to allow booting to happen from almost anywhere, for almost any OS. I don't know if it works with OBSD or not.

    I've only run OBSD stand-alone on headless edge boxes, so I've never worried my pretty little head about the 8Gb limit. I'm assuming most folks who pay for the CDs every 6 months or so feel the same way. Well, that and the stickers. The stickers rule.

    --
    -- clvrmnky
  11. yes, we need SMP by mainmain · · Score: 5, Insightful

    BSD is great, but it's just not going to make inroads into the server market without SMP. It's fine for us amateurs with racks at home and 384k upload at best, but for business that really need to crank it up, OpenBSD falls short.

    What's great about Open over Free (and most Linux distros) is simply that one can go from zero to installed, up and running in no time flat. The need to secure the OS is minimal (though as another said, why portmap and why inetd?), which also greatly reduces time to production. And no worries about all of those "extra" packages that one doesn't want installed that get installed whether you like it or not, and then having to find a way to yank them out.

    That said, yes, I pre-ordered my CDs.

    Jud.

    1. Re:yes, we need SMP by bmajik · · Score: 5, Informative

      There's little reason for SMP in openbsd

      1) It makes security that much harder. Think /tmp race conditions are bad ? How about race conditions in the kernel ? How about the fact that not even Intel is consistent in their docs on how two x86 chips re-order operations and maintain cache coherence in some situations.

      2) 99% of the software on openBSD is fork/exec anyway. You might as well use assymmetric multi-processing, or, better yet, buy 3 uni-proc boxes for the price of a dual proc box, and partition your load accordingly.

      --
      My opinions are my own, and do not necessarily represent those of my employer.
  12. The real Release notes: by fries · · Score: 5, Informative

    ... couldn't make it through the 'Lameness filter'.

    Please go to http://deadly.org where they did make it through.

    --
    Todd Fries .. todd@fries.net .. OpenBSD, because security matters!