Slashdot Mirror
OpenBSD 3.3 Released
An anonymous reader writes "OpenBSD 3.3 was released today, with many new features, including integration of the ProPolice stack protection technology, W^X ('write xor X') on sparc, alpha and hppa, privilege separated XFree86 and an incredible number of enhancements and stability improvements to the packet filter, pf, including address pools for reverse NAT/load balancing, ALTQ integration for network conditioning, and anchors/tables/spamd for spam tar-pitting. Information on the release can be found here and download sites are listed here. (Also, here's a handy way to speed up your DSL connection - prioritizing empty TCP ACKs and ToS low-delay traffic with OpenBSD 3.3's pf.)"
Lets not forget about the OpenBSD Song
-dk
I'm continually impressed by the amount of improvements in each new release of OpenBSD, the frequency of the releases (6 months), and the sheer amount of value that each new release brings.
If anyone hasn't tried OpenBSD yet, give it a shot - you're certain to appreciate the quality that goes into it.
1. The best reason is security. Even with the best planning crackers can sometimes reach the machine in question. OpenBSD has the lowest rate of bugs and security holes of any OS out there. Any serious problems that are found are usually patched within days instead of weeks.
2. Stability. Like a rock. Even running the current branch, you will most likely not have any stability problems. Install, configure, and throw away the key. This is the first OS I've run that I can truthfully say is, besides any necessary patches, maintainence free.
3. BSD systems are much easier to maintain than Linux yet just as powerful as a full Unix. The ports system is well kept up and easy to use and the filesystem is much less cluttered than in Linux.
Very much worth a try if you have never used it.
Just to clarify that, W^X is not "write xor X", but "write xor execute". It's a new policy that OpenBSD uses to specify whether memory is writable or executable, but not both.
This helps prevent buffer overflows on the architectures that support it (sparc, sparc64, alpha, hppa) in that any memory that can be written to cannot be executable, and vice versa - so even if a buffer overflow succeeds in overwriting memory, that memory cannot be executed (or, the memory cannot be overwritten in the first place if it is executable).
Also note that W^X is also available on x86 in -current.
Regarding various troll-slams on OpenBSD... I dunno, I'm using OpenBSD and it's great. Nowhere to go but up, as far as I'm concerned. FreeBSD and NetBSD don't have much of a value proposition in my book compared to mainstream Linux distros, but if you want a secure webserver (or network appliance) without having to patch the thing all the damn time, OpenBSD seems a heck of a lot better than any Linux variant.
That said, I'm not dogmatic about this; it's just the conclusion I've come to based on the evidence I've seen so far.
--LP
With the new normal FAQ upgrades also comes the new PF FAQ:
http://openbsd.org/faq/pf/index.html
spamd, a spam deferral daemon, can be used to tie up resources on a spammer's machine. spamd uses the new pf(4) table facility to redirect connections from a blacklist such as SPEWS or DIPS.
-- Probably questionable legality and ethics on that one, being a real tool in the battle against what some call 'free speech'.
try { do() || do_not(); } catch (JediException err) { yoda(err); }
OpenBSD is built around being secure, not on high performance multiprocessor support for hosting huge database servers.
/. servers, the web server is a PIII 600MHz and the database server is a quad Xeon 550MHz system.
look at
Newer desktop systems are equal to the quad box minus the extra cache on the xeons.
So, IMHO SMP support is not a huge deal and should not be for most sub 1000 user companys.
Privacy? Not in this lifetime.
Theo replied to this a while back
In an SMP environment, auditing all applications and figuring out all race conditions and resource corruption is a nightmare. You never know when a programmer overlooked the fact that a signal handler and a thread could *actually* be running in parallel and cause a race condition.
Theo wants to avoid these pitfalls for now. Thus OpenBSD has no SMP support.
Incorporating SMP support in OpenBSD shouldn't be an issue, mainly because NetBSD from which its derived has had SMP for ages and FreeBSD has it too! The friggin' thing is how to be sure that sendmail's author imagined all parallel excution scenarios and has coded accordingly.
Trust me, SMP environments are bitch to work in and you should either have professional tools to work with or a really good imagination to work out all possible race conditions.
- mritunjai
Also, good luck getting a JDK/JRE to run here. HAHAHAHAHAHA. Fuckers.
I must have good karma.Kan jeg få en pils, vær så snill?
For the ones not willing to change their OS only for the trafic shaper DSL trick, here's the link for linux: (including many other very interesting things...) Linux advanced routing and traffic control
enjoy it!
Q.
Sure: Anything that produces machine code at run time needs memory that is writable AND executable. It's not such an esoteric trick -- for example many high-performance Smalltalk and Lisp systems compile everything you type down to machine code instead of using a simple interpreter. Then there are dynamically recompiling emulators, ie. just about any high-performance emulator these days, and of course JIT-compiling Java VMs. That's quite a lot of software to disable.