Slashdot Mirror

← Back to Stories (view on slashdot.org)

OpenBSD 3.4 Released

Posted by timothy on from the new-poster-too dept.

tedu writes "We just couldn't wait another 2 days, so now you can enjoy OpenBSD 3.4 a little early and protect yourself from ghosts and goblins. More details at the OpenBSD website and official announcement. Remember to please use a mirror."

4 of 275 comments (clear)

  1. Thoughts on security by arvindn · · Score: 5, Interesting
    From the release notes:
    Thousands of occurrences of unsafe library calls such as strcpy(), strcat() and sprintf() have been changed to the safer alternatives strlcpy(), strlcat(), and snprintf() or asprintf() in one of the most intensive audits yet performed by the OpenBSD project. The kernel is now completely free of these functions, as is most of the userland source tree.
    That's certainly a good thing, but it raises the question of why they were there in the first place. I mean, everyone's known for ages that these are unsecure, and the manpage lists it a bug etc. Of course its a pain to keep track of the length of each string (making them fixed size is not always feasible), but I would have expected that in kernel level code convenience would take the back seat.

    Note: this is purely an academic question, it is not my intention to critisize anyone, but just to learn why these things happen, not being a very experienced programmer myself.

  2. TCP/IP by ndavidg · · Score: 4, Interesting

    From a University of Texas CS instructor's web site:

    The Transmission Control Protocol was first formally specified in December of 1974 by Vint Cerf, Yogen Dalal and Carl Sunshine.

    The link can be found here:

    http://www.cs.utexas.edu/users/chris/think/Early_D ays_Of_TCP/index.shtml

    And supporting documentation will be found here:

    http://www.cs.utexas.edu/users/chris/think/Early_D ays_Of_TCP/Annotated_Bibliography/index.shtml

  3. Via C3 support by Gothmolly · · Score: 3, Interesting

    1.6 Gbit/sec of AES-128? Damn, I gotta get me one of these!

    --
    I want to delete my account but Slashdot doesn't allow it.
  4. C'mon OBSD!! by devphaeton · · Score: 3, Interesting

    Can't you hurry up? Look at the front page of bsd.slashdot.org....

    Freebsd released 4.9 before your 3.4!!!

    (j/k)

    On a side note, reading the 2nd or 3rd post about trojaned obsd ISOs floating around the web is really sad and upsetting. I love the open sharing of software and source code around the internet, but i always fear that someday it will be to a point that *everything* has been tampered with, essentially creating a need to look through more source code than anyone has time for. Sure we can solve this with technology (such as with MD5 Checksums) but as we create smarter verification, the internet will create smarter shitheads. I'd hate to think that it will eventually degrade into a win-some/lose-some cat-and-mouse game.

    I actually lost some sleep few months back when the GNU folks announced that their main ftp site got compromised. I realise that servers get cracked every day, but when it's gnu/linux/bsd/oss folks it feels personal.

    I'm not well acquainted with any $krYp+ KyddI3z, cr4x0rz or know what they use, but i'll be willing to bet that their OS and many of their tools are based on software from those they are attacking.

    Assholes.

    --


    do() || do_not(); // try();