OpenBSD 3.3 Released
An anonymous reader writes "OpenBSD 3.3 was released today, with many new features, including integration of the ProPolice stack protection technology, W^X ('write xor X') on sparc, alpha and hppa, privilege separated XFree86 and an incredible number of enhancements and stability improvements to the packet filter, pf, including address pools for reverse NAT/load balancing, ALTQ integration for network conditioning, and anchors/tables/spamd for spam tar-pitting. Information on the release can be found here and download sites are listed here. (Also, here's a handy way to speed up your DSL connection - prioritizing empty TCP ACKs and ToS low-delay traffic with OpenBSD 3.3's pf.)"
I'm continually impressed by the amount of improvements in each new release of OpenBSD, the frequency of the releases (6 months), and the sheer amount of value that each new release brings.
If anyone hasn't tried OpenBSD yet, give it a shot - you're certain to appreciate the quality that goes into it.
Not really.
Bearing in mind that security is, code flaws aside, one side of a balance between security and user features, OpenBSD, from what I can tell, more than pays the price for its security in lack of features. For example, Outlook is notorious for its security flaws. Most of these seem to stem from all sorts of abilities to run code embedded in emails. Did MS coders do this because they were stupid and forgot not to code in this feature? No, they did it because it is indeed a feature, when not abused.
Obviously a lot of vulnerabilities just stem from coding flaws but, ultimately, a more secure OS is going to be harder to use. MS has chosen the balance they prefer and, apparently, have chosen correctly, from a business perspective.
Regarding various troll-slams on OpenBSD... I dunno, I'm using OpenBSD and it's great. Nowhere to go but up, as far as I'm concerned. FreeBSD and NetBSD don't have much of a value proposition in my book compared to mainstream Linux distros, but if you want a secure webserver (or network appliance) without having to patch the thing all the damn time, OpenBSD seems a heck of a lot better than any Linux variant.
That said, I'm not dogmatic about this; it's just the conclusion I've come to based on the evidence I've seen so far.
--LP
OpenBSD is built around being secure, not on high performance multiprocessor support for hosting huge database servers.
Look at /. servers, the web server is a PIII 600MHz and the database server is a quad Xeon 550MHz system.
Newer desktop systems are equal to the quad box minus the extra cache on the xeons.
So, IMHO SMP support is not a huge deal and should not be for most sub 1000 user companies.
Privacy? Not in this lifetime.
The primary install kernel (RAMDISK) does not have support for USB Human Interface Devices (HID). Use PS/2. I know it's a limitation, I've run up against it too. Once you get the OS installed, it will work with the USB KVM fine.
Or, you could add USB HID support to the RAMDISK kernel on a spare box, and cd /usr/src/distrib && make, and install using the new floppy image.
Probably 'Free Speech,' but the activity consumes the finite resources of a computer that costs the operator money in electricity, bandwidth, maintenance and access by customers and/or employees.
There is nothing about 'free speech' that allows one entity to force another to be the carrier or receiver of the idea or message.
1. The best reason is security. Even with the best planning crackers can sometimes reach the machine in question. OpenBSD has the lowest rate of bugs and security holes of any OS out there. Any serious problems that are found are usually patched within days instead of weeks.
FreeBSD is a close second. The reason you hear so little about FreeBSD's security is that there is no concept of the 'default install', and thus, there's no easy way to tell what FreeBSD's security record would be if you did the default install. But, if you choose the absolute minimum, and configure it similarly to OpenBSD (which is quite easy to do, make sendmail start only on the loopback, set the same defaults for SSH, etc). It's not as secure by default, because there is no default.
Moreover, anyone who installs services they don't need deserves to get hacked. Need a mail server? You're gonna get hit with the sendmail holes. Need SSH access? You're gonna get hit with the (1) OpenSSH hole. If you don't need the services, they shouldn't be enabled. You can mitigate the threat with firewalling (or hopefully, detaching it from the real internet), but chances are, the holes are going to be in the services you run and not in the OS itself.
(You could argue that systrace can limit a lot of otherwise horrific vulnerabilities: fair enough. So does chroot() and jail())
2. Stability. Like a rock. Even running the current branch, you will most likely not have any stability problems. Install, configure, and throw away the key. This is the first OS I've run that I can truthfully say is, besides any necessary patches, maintenance free.
FreeBSD. More stable and FASTER.
3. BSD systems are much easier to maintain than Linux yet just as powerful as a full Unix. The ports system is well kept up and easy to use and the filesystem is much less cluttered than in Linux.
I agree. 'make buildworld; make buildkernel; make installkernel; reboot ; make installworld' is pretty nice too.
Mooniacs for iOS and Android
This is good news for the OpenBSD community indeed, but rather than downloading, you might consider buying the CD set from a retailer near you to fund further development. Given the recent funding issues, now couldn't be a better time to support this superb open source project.
Like tinyurl, but one letter less! http://qurl.co.uk/
It's too easy to get on the wrong side of the law these days, and you might have a wrong target to boot. I wouldn't risk it.
LRC, the best-read libertarian site on the web
OpenBSD looks fantastic and I was about to give it a whirl when I realized they don't support SMP.
Consider what OpenBSD excels at and consider these questions:
Does a firewall really need two 2GHz CPUs?
How about a router, modest fileserver, or e-mail server?
Considering the complexity that SMP would probably add to the kernel (race conditions, data integrity, etc.), it may be counter-productive towards the goal of uncompromising security.
For bigger servers (4 or more CPUs) just run Solaris, FreeBSD, or Linux behind OpenBSD-based infrastructure. I think this is a tasty compromise.
Healthcare article at Kuro5hin