OpenBSD 3.3 Released
An anonymous reader writes "OpenBSD 3.3 was released today, with many new features, including integration of the ProPolice stack protection technology, W^X ('write xor X') on sparc, alpha and hppa, privilege separated XFree86 and an incredible number of enhancements and stability improvements to the packet filter, pf, including address pools for reverse NAT/load balancing, ALTQ integration for network conditioning, and anchors/tables/spamd for spam tar-pitting. Information on the release can be found here and download sites are listed here. (Also, here's a handy way to speed up your DSL connection - prioritizing empty TCP ACKs and ToS low-delay traffic with OpenBSD 3.3's pf.)"
Let's not forget about the OpenBSD Song
-dk
1. The best reason is security. Even with the best planning, crackers can sometimes reach the machine in question. OpenBSD has the lowest rate of bugs and security holes of any OS out there. Any serious problems that are found are usually patched within days instead of weeks.
2. Stability. Like a rock. Even running the current branch, you will most likely not have any stability problems. Install, configure, and throw away the key. This is the first OS I've run that I can truthfully say is, besides any necessary patches, maintenance free.
3. BSD systems are much easier to maintain than Linux yet just as powerful as a full Unix. The ports system is well kept up and easy to use and the filesystem is much less cluttered than in Linux.
Very much worth a try if you have never used it.
Just to clarify that, W^X is not "write xor X", but "write xor execute". It's a new policy that OpenBSD uses to specify whether memory is writable or executable, but not both.
This helps prevent buffer overflows on the architectures that support it (sparc, sparc64, alpha, hppa) in that any memory that can be written to cannot be executable, and vice versa - so even if a buffer overflow succeeds in overwriting memory, that memory cannot be executed (or, the memory cannot be overwritten in the first place if it is executable).
Also note that W^X is also available on x86 in -current.
What's so difficult about getting X working? Use xf86cfg or xf86config to make the config file, then change xdm=NO to xdm="" in /etc/rc.conf (the comments will tell you as much, BTW).
...
Maybe you should have checked out the FAQ on the website or man afterboot
I don't know what to tell you if you can't do that much without more hand-holding.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
With the new normal FAQ upgrades also comes the new PF FAQ:
http://openbsd.org/faq/pf/index.html
spamd, a spam deferral daemon, can be used to tie up resources on a spammer's machine. spamd uses the new pf(4) table facility to redirect connections from a blacklist such as SPEWS or DIPS.
-- Probably questionable legality and ethics on that one, being a real tool in the battle against what some call 'free speech'.
try { do() || do_not(); } catch (JediException err) { yoda(err); }
Check out the G.O.B.I.E Project. It's a graphical installer for OpenBSD.
From the web site:
The main goal of the GOBIE is to add a graphical installation of the famous OS OpenBSD. This project has been developed in the spirit of OpenBSD which means that the installation is as close as possible to the text one.
GOBIE wishes to add some value to the product by developing installation modules to known servers such as Bind, Sendmail, Inn, Apache...
Here are some screenshots - looks pretty cool to me. The only downside to it is that the release is scheduled for July and thus not available yet, so keep your eyes open. It seems like a project that is worth supporting.
Theo replied to this a while back
In an SMP environment, auditing all applications and figuring out all race conditions and resource corruption is a nightmare. You never know when a programmer overlooked the fact that a signal handler and a thread could *actually* be running in parallel and cause a race condition.
Theo wants to avoid these pitfalls for now. Thus OpenBSD has no SMP support.
Incorporating SMP support in OpenBSD shouldn't be an issue, mainly because NetBSD from which it's derived has had SMP for ages and FreeBSD has it too! The friggin' thing is how to be sure that sendmail's author imagined all parallel execution scenarios and has coded accordingly.
Trust me, SMP environments are a bitch to work in and you should either have professional tools to work with or a really good imagination to work out all possible race conditions.
- mritunjai
Also, good luck getting a JDK/JRE to run here. HAHAHAHAHAHA. Fuckers.
I must have good karma.
Can I have a beer, please?
For the ones not willing to change their OS only for the traffic shaper DSL trick, here's the link for linux: (including many other very interesting things...) Linux advanced routing and traffic control
enjoy it!
Q.
Sure: Anything that produces machine code at run time needs memory that is writable AND executable. It's not such an esoteric trick -- for example many high-performance Smalltalk and Lisp systems compile everything you type down to machine code instead of using a simple interpreter. Then there are dynamically recompiling emulators, ie. just about any high-performance emulator these days, and of course JIT-compiling Java VMs. That's quite a lot of software to disable.
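Added example, not part of any comment in this thread: a C sketch of how run-time code generation can coexist with the W^X policy described earlier, by keeping a page writable while code is emitted and then switching it to read+execute with `mprotect`, so it is never both at once. The function names and the "return 42" stub bytes are constructed for illustration; it assumes a POSIX system with `mmap`/`mprotect` and a GCC- or Clang-compatible compiler.

```c
#define _DEFAULT_SOURCE 1   /* exposes MAP_ANON and sigaction on glibc */
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed "return 42" stubs; on other CPUs the call step is skipped. */
#if defined(__x86_64__)
static const uint8_t code[] = {0xB8, 0x2A, 0, 0, 0, 0xC3};  /* mov eax,42; ret */
#elif defined(__aarch64__)
static const uint8_t code[] = {0x40, 0x05, 0x80, 0x52, 0xC0, 0x03, 0x5F, 0xD6}; /* mov w0,#42; ret */
#else
static const uint8_t code[] = {0};
#endif

static sigjmp_buf fault_jmp;
static void on_fault(int sig) { (void)sig; siglongjmp(fault_jmp, 1); }

/* Returns 1 if storing to *p raises SIGSEGV, 0 if the store succeeds. */
static int write_faults(volatile uint8_t *p) {
    struct sigaction sa, old;
    volatile int faulted = 1;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigaction(SIGSEGV, &sa, &old);
    if (sigsetjmp(fault_jmp, 1) == 0) { *p = *p; faulted = 0; }
    sigaction(SIGSEGV, &old, NULL);     /* restore the previous handler */
    return faulted;
}

/* Returns 0 on success, or a negative number naming the step that failed. */
int wx_emit_and_run(void) {
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    int rc = 0;
    uint8_t *page = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANON, -1, 0);
    if (page == MAP_FAILED) return -1;
    memcpy(page, code, sizeof code);                              /* emit while writable */
    if (mprotect(page, len, PROT_READ | PROT_EXEC) != 0) rc = -2; /* drop W, gain X */
    else if (!write_faults(page)) rc = -3;                        /* stores must now fault */
    else if (sizeof code > 1) {
        __builtin___clear_cache((char *)page, (char *)page + sizeof code);
        if (((int (*)(void))(uintptr_t)page)() != 42) rc = -4;    /* run the emitted code */
    }
    munmap(page, len);
    return rc;
}
int main(void) { return wx_emit_and_run() == 0 ? 0 : 1; }
```

A return value of -3 means the page accepted a store after the switch to read+execute, which is the condition W^X exists to rule out.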
No, it's still a.out. You need to get a recent snapshot of CURRENT to get ELF.