Slashdot Mirror
OpenBSD 3.3 Released
An anonymous reader writes "OpenBSD 3.3 was released today, with many new features, including integration of the ProPolice stack protection technology, W^X ('write xor X') on sparc, alpha and hppa, privilege separated XFree86 and an incredible number of enhancements and stability improvements to the packet filter, pf, including address pools for reverse NAT/load balancing, ALTQ integration for network conditioning, and anchors/tables/spamd for spam tar-pitting. Information on the release can be found here and download sites are listed here. (Also, here's a handy way to speed up your DSL connection - prioritizing empty TCP ACKs and ToS low-delay traffic with OpenBSD 3.3's pf.)"
Lets not forget about the OpenBSD Song
-dk
I'm continually impressed by the amount of improvements in each new release of OpenBSD, the frequency of the releases (6 months), and the sheer amount of value that each new release brings.
If anyone hasn't tried OpenBSD yet, give it a shot - you're certain to appreciate the quality that goes into it.
...from someone *besides* Apple, OpenBSD is the bank they should look at!
Aside from maybe the esoteric trusted OSes (i.e. Trusted Solaris), is there really another "mainstream" OS people can just rely on for security?
Hell, Bill G oughtta just start waving $$$ in front of Theo and company until they all say "OK, that will do" and join MS to show them Redmond boys the Right Way (TM) to lock down an OS*!!!
* of course the Office team would no doubt open right back up any holes the new security-conscious OS team closed down...
I've been using Freebsd on my servers as of fairly recently and so far I love it. As a result, my intrest in BSD in general has grown. I was looking just today at OpenBSD and NetBSD features. OpenBSD looks fantasic and I was about to give it a whirl when I realized they don't support SMP. Now this wouldn't be an overly huge issue if it were primarily a desktop OS. I applaude all the work that has obviously gone into this project. But I will be overjoyed the day I see SMP added to the new feature list. This is NOT a troll. I think the way it stands is extremely impressive. I just want to express my sincere desire to see SMP support. =)
1. The best reason is security. Even with the best planning crackers can sometimes reach the machine in question. OpenBSD has the lowest rate of bugs and security holes of any OS out there. Any serious problems that are found are usually patched within days instead of weeks.
2. Stability. Like a rock. Even running the current branch, you will most likely not have any stability problems. Install, configure, and throw away the key. This is the first OS I've run that I can truthfully say is, besides any necessary patches, maintainence free.
3. BSD systems are much easier to maintain than Linux yet just as powerful as a full Unix. The ports system is well kept up and easy to use and the filesystem is much less cluttered than in Linux.
Very much worth a try if you have never used it.
Just to clarify that, W^X is not "write xor X", but "write xor execute". It's a new policy that OpenBSD uses to specify whether memory is writable or executable, but not both.
This helps prevent buffer overflows on the architectures that support it (sparc, sparc64, alpha, hppa) in that any memory that can be written to cannot be executable, and vice versa - so even if a buffer overflow succeeds in overwriting memory, that memory cannot be executed (or, the memory cannot be overwritten in the first place if it is executable).
Also note that W^X is also available on x86 in -current.
Regarding various troll-slams on OpenBSD... I dunno, I'm using OpenBSD and it's great. Nowhere to go but up, as far as I'm concerned. FreeBSD and NetBSD don't have much of a value proposition in my book compared to mainstream Linux distros, but if you want a secure webserver (or network appliance) without having to patch the thing all the damn time, OpenBSD seems a heck of a lot better than any Linux variant.
That said, I'm not dogmatic about this; it's just the conclusion I've come to based on the evidence I've seen so far.
--LP
With the new normal FAQ upgrades also comes the new PF FAQ:
http://openbsd.org/faq/pf/index.html
spamd, a spam deferral daemon, can be used to tie up resources on a spammer's machine. spamd uses the new pf(4) table facility to redirect connections from a blacklist such as SPEWS or DIPS.
-- Probably questionable legality and ethics on that one, being a real tool in the battle against what some call 'free speech'.
try { do() || do_not(); } catch (JediException err) { yoda(err); }
I was quietly downloading the packages, and then you had to send the /. hoards after it. Now their bandwidth is shot to hell. I mean, I'm all for sharing, but I wanna get my copy before I start sharing... ;-)
ehintz
The primary install kernel (RAMDISK) does not have support for USB Human Interface Devices (HID). Use PS/2. I know it's a limitation, I've run up against it too. Once you get the OS installed, it will work with the USB KVM fine.
/usr/src/distrib && make, and install using the new floppy image.
Or, you could add USB HID support to the RAMDISK kernel on a spare box, and cd
*BSD is dying to announce that it has once again improved that which was already considered perfect.
Way to go!
Saying your OS is the best because more people use it is like saying MacDonalds make the best food
1. The best reason is security. Even with the best planning crackers can sometimes reach the machine in question. OpenBSD has the lowest rate of bugs and security holes of any OS out there. Any serious problems that are found are usually patched within days instead of weeks.
FreeBSD is a close second. The reason you hear so little about FreeBSD's security is that there is no concept of the 'default install', and thus, there's no easy way to tell what FreeBSD's security record would be if you did the default install. But, if you choose the absolute minimum, and configure it similarly to OpenBSD (which is quite easy to do, make sendmail start only on the loopback, set the same defaults for SSH, etc). It's not as secure by default, because there is no default.
Moreover, anyone who installs services they don't need deserves to get hacked. Need a mail server? You're gonna get hit with the sendmail holes. Need SSH access? You're gonna get hit with the (1) OpenSSH hole. If you don't need the services, they shouldn't be enabled. You can mitigate the threat with firewalling (or hopefully, detaching it from the real internet), but chances are, the holes are going to be in the services you run and not in the OS itself.
(You could argue that systrace can limit a lot of otherwise horrific vulnerabilities: fair enough. So does chroot() and jail())
2. Stability. Like a rock. Even running the current branch, you will most likely not have any stability problems. Install, configure, and throw away the key. This is the first OS I've run that I can truthfully say is, besides any necessary patches, maintainence free.
FreeBSD. More stable and FASTER.
3. BSD systems are much easier to maintain than Linux yet just as powerful as a full Unix. The ports system is well kept up and easy to use and the filesystem is much less cluttered than in Linux.
I agree. 'make buildworld; make buildkernel; make installkernel; reboot ; make installworld' is pretty nice too.
Mooniacs for iOS and Android
Also, good luck getting a JDK/JRE to run here. HAHAHAHAHAHA. Fuckers.
I must have good karma.Kan jeg få en pils, vær så snill?
Damn, that business with the prioritizing ACKs sounds fantastic! I have the same setup as in their example (ADSL 512Kb down/128Kb up) and always have to put upload limits on filesharing programs so they only upload at maybe 11KB or 12KB per second, 'cos if I let them hit their full 16-ish KB/sec, the downloads choke and die.
I might have to salvage some crappy old box from work and see if I can't set it up as an OpenBSD gateway..
For the ones not willing to change their OS only for the trafic shaper DSL trick, here's the link for linux: (including many other very interesting things...) Linux advanced routing and traffic control
enjoy it!
Q.
Sure: Anything that produces machine code at run time needs memory that is writable AND executable. It's not such an esoteric trick -- for example many high-performance Smalltalk and Lisp systems compile everything you type down to machine code instead of using a simple interpreter. Then there are dynamically recompiling emulators, ie. just about any high-performance emulator these days, and of course JIT-compiling Java VMs. That's quite a lot of software to disable.
It's too easy to get on the wrong side of the law these days, and you might have a wrong target to boot. I wouldn't risk it.
LRC, the best-read libertarian site on the web
No its still a.out. You need to get a recent snapshot of CURRENT to get ELF.
How about "FTPing Releases" right in the middle of the front page? How hard was that? I can't believe you are able to grasp the concept of OpenBSD, develop the initiative to install it, and realize that mirrors are a good idea (not to mention you are apparently a college student) yet you cant even read a simple web page.
-- Never hit a man with glasses. Hit him with a baseball bat.