OpenBSD 3.3 Released
An anonymous reader writes "OpenBSD 3.3 was released today, with many new features, including integration of the ProPolice stack protection technology, W^X ('write xor X') on sparc, alpha and hppa, privilege separated XFree86 and an incredible number of enhancements and stability improvements to the packet filter, pf, including address pools for reverse NAT/load balancing, ALTQ integration for network conditioning, and anchors/tables/spamd for spam tar-pitting. Information on the release can be found here and download sites are listed here. (Also, here's a handy way to speed up your DSL connection - prioritizing empty TCP ACKs and ToS low-delay traffic with OpenBSD 3.3's pf.)"
Let's not forget about the OpenBSD Song
-dk
coene
Head Developer, OpenBSD Project.
This is great news, or would be, if OpenBSD would actually work with our hardware. We use KVM switches that have a mouse and keyboard plugged into a USB hub. OpenBSD just doesn't have good enough USB support to even install with a keyboard through a hub. And no, changing 'usb legacy support' in the BIOS does not help the problem. It is a pity. Linux kernel has the same issue, however all recent versions of Windows work fine with it.
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
1. The best reason is security. Even with the best planning crackers can sometimes reach the machine in question. OpenBSD has the lowest rate of bugs and security holes of any OS out there. Any serious problems that are found are usually patched within days instead of weeks.
2. Stability. Like a rock. Even running the current branch, you will most likely not have any stability problems. Install, configure, and throw away the key. This is the first OS I've run that I can truthfully say is, besides any necessary patches, maintenance free.
3. BSD systems are much easier to maintain than Linux yet just as powerful as a full Unix. The ports system is well kept up and easy to use and the filesystem is much less cluttered than in Linux.
Very much worth a try if you have never used it.
Just to clarify that, W^X is not "write xor X", but "write xor execute". It's a new policy that OpenBSD uses to specify whether memory is writable or executable, but not both.
This helps prevent buffer overflows on the architectures that support it (sparc, sparc64, alpha, hppa) in that any memory that can be written to cannot be executable, and vice versa - so even if a buffer overflow succeeds in overwriting memory, that memory cannot be executed (or, the memory cannot be overwritten in the first place if it is executable).
Also note that W^X is also available on x86 in -current.
I have no pants and I must scream
What's so difficult about getting X working? Use xf86cfg or xf86config to make the config file, then change xdm=NO to xdm="" in /etc/rc.conf (the comments will tell you as much, BTW).
...
Maybe you should have checked out the FAQ on the website or man afterboot
I don't know what to tell you if you can't do that much without more hand-holding.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
I believe Darwin is based upon FreeBSD. While they share the same name, the same roots, and a lot of the same code, the BSD's (Free|Net|Open) are very different.
Of all the BSD's, NetBSD and OpenBSD are the most similar, and share the most code, primarily because OpenBSD forked from NetBSD not so long ago. FreeBSD has taken quite a different path to be more mainstream.
Improvements to OpenBSD should not be impossible to merge into FreeBSD/Darwin, but it's not an easy or painless task either - not to mention that FreeBSD and Darwin are quite different. This isn't saying that a fair share of code isn't shared, indeed it is, but it's not a trivial task.
With the new normal FAQ upgrades also comes the new PF FAQ:
http://openbsd.org/faq/pf/index.html
spamd, a spam deferral daemon, can be used to tie up resources on a spammer's machine. spamd uses the new pf(4) table facility to redirect connections from a blacklist such as SPEWS or DIPS.
-- Probably questionable legality and ethics on that one, being a real tool in the battle against what some call 'free speech'.
try { do() || do_not(); } catch (JediException err) { yoda(err); }
Check out the G.O.B.I.E Project. It's a graphical installer for OpenBSD.
From the web site:
The main goal of the GOBIE is to add a graphical installation of the famous OS OpenBSD. This project has been developed in the spirit of OpenBSD which means that the installation is as close as possible as the text one.
GOBIE wishes to add some value to the product by developing installation modules to known servers such as Bind, Sendmail, Inn, Apache...
Here are some screenshots - looks pretty cool to me. The only downside to it is that the release is scheduled for July and thus not available yet, so keep your eyes open. It seems like a project that is worth supporting.
I have only two words for you.
Wonder Shaper.
How so? Are you going to tell me that *BSD can only run Windowmaker or something? Or does *BSD ship with a broken [k||x||g]dm?
In what way is it that FreeBSD and NetBSD are somehow less usable for a desktop compared with GNU/Linux? The desktop apps are there (including Windowmaker), the multimedia is there...so what is the basis for saying that BSD is somehow more intrinsically inferior to GNU/Linux as a desktop?
(openbsd I'll give to you as it doesn't run mozilla--or so I've heard, I haven't checked for myself.)
For those running Mac OS X, there is an application called Cocktail that will let you turn off delayed ACKs.
I prayed about it, and God said, "Don't do it!" But I thought, "I know better."
Try the 'FTPing Releases' link under 'Getting OpenBSD' or just click here
;)
Looking at the homepage helps.
Theo replied to this a while back
In an SMP environment, auditing all applications and figuring out all race conditions and resource corruption is a nightmare. You never know when a programmer overlooked the fact that a signal handler and a thread could *actually* be running in parallel and cause a race condition.
Theo wants to avoid these pitfalls for now. Thus OpenBSD has no SMP support.
Incorporating SMP support in OpenBSD shouldn't be an issue, mainly because NetBSD from which it's derived has had SMP for ages and FreeBSD has it too! The friggin' thing is how to be sure that sendmail's author imagined all parallel execution scenarios and has coded accordingly.
Trust me, SMP environments are a bitch to work in and you should either have professional tools to work with or a really good imagination to work out all possible race conditions.
- mritunjai
Also, good luck getting a JDK/JRE to run here. HAHAHAHAHAHA. Fuckers.
I must have good karma. Can I have a beer, please?
it's available on BudgetLinuxCDS.com for only $3
For the ones not willing to change their OS only for the traffic shaper DSL trick, here's the link for Linux: (including many other very interesting things...) Linux advanced routing and traffic control
enjoy it!
Q.
Sure: Anything that produces machine code at run time needs memory that is writable AND executable. It's not such an esoteric trick -- for example many high-performance Smalltalk and Lisp systems compile everything you type down to machine code instead of using a simple interpreter. Then there are dynamically recompiling emulators, ie. just about any high-performance emulator these days, and of course JIT-compiling Java VMs. That's quite a lot of software to disable.
Oh it isn't that bad. Pull the network plug and clean up the mess. Preserve the corrupted files for later and restore from your backup. (you DO have a backup, right?) and then use the RPM database to verify all of your binaries to make sure you weren't owned when you made the backup. Verifying the critical files against the installation media will ensure against a trojaned rpm/database.
Then once you are clean again, examine the saved files and try to figure out how they got in. Learn from your mistake and carry on.
Happened to me a couple of times, usually when I make a mistake in configuration or don't keep up with the errata. Yes I'd like to connect electrodes to the script kiddies' testicles, but it really isn't something to get bent overly out of shape over either.
Democrat delenda est
The software doesn't need to be 'disabled' - the memory just needs to be switched from writable to executable. That's what "W^X" means.
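The switch described in the comment above, as an added example that is not part of the original thread or of OpenBSD's code: a JIT-style buffer is mapped writable while code is emitted, then flipped to executable with `mprotect` before it runs, so the page is never writable and executable at once. The helper name `run_generated_wx` and the sample machine code are constructed for illustration; `__builtin___clear_cache` assumes GCC or Clang.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed sample: machine code for "return 42" on the build CPU. */
#if defined(__x86_64__) || defined(__i386__)
static const unsigned char CODE[] = {0xB8, 0x2A, 0, 0, 0, 0xC3}; /* mov eax,42; ret */
#elif defined(__aarch64__)
static const unsigned char CODE[] = {0x40, 0x05, 0x80, 0x52,  /* mov w0,#42 */
                                     0xC0, 0x03, 0x5F, 0xD6}; /* ret */
#else
#define NO_SAMPLE_CODE 1
static const unsigned char CODE[] = {0};
#endif

/* Hypothetical helper: emit code into a page that is never writable and
 * executable at the same time. Returns the generated function's result,
 * -1 if a mapping call fails, -2 if no sample code exists for this CPU. */
int run_generated_wx(void)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    int result = -2;

    /* Phase 1: writable, not executable, while the "JIT" emits code. */
    unsigned char *buf = mmap(NULL, len, PROT_READ | PROT_WRITE,
                              MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (buf == MAP_FAILED)
        return -1;
    memcpy(buf, CODE, sizeof CODE);

    /* Phase 2: drop write, gain execute. From here on a stray write faults. */
    if (mprotect(buf, len, PROT_READ | PROT_EXEC) != 0) {
        munmap(buf, len);
        return -1;
    }
    __builtin___clear_cache((char *)buf, (char *)buf + sizeof CODE);
#ifndef NO_SAMPLE_CODE
    result = ((int (*)(void))buf)();
#endif
    munmap(buf, len);
    return result;
}

int main(void)
{
    printf("generated code returned %d\n", run_generated_wx());
    return 0;
}
```

A runtime that needs to patch code later has to flip the page back to `PROT_READ | PROT_WRITE` first, which keeps every writable window explicit and auditable.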
Uh, this is bullshit.
The kernel-part (which Linux already has, QoS) is complex to set up and wondershaper is just some shell scripts which make it *really* easy.
No, it's still a.out. You need to get a recent snapshot of CURRENT to get ELF.
Found the server, read about it here
http://www.chromium.com/x15tech.html
My preferred method of setting up X.
X -configure
Edit XF86Config and add monitor refresh setting, wheel mouse tweaks, default color depth
startx
This method has worked great for me. YMMV
The best method is xf86cfg -textmode, which provides a very nice, interactive, fullscreen, textbased configuration tool. Very nice. One hell of an improvement over the GUI xf86cfg.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
It's possible to play various tricks as a TCP receiver to get a server to send you data as fast as you want. Instead of just prioritizing ACKs, if you split ACKs, send duplicate ACKs, or send ACKs for data you haven't gotten yet, the server will think the connection is great and increase the send window. The details are here.
'man afterboot'
HTH