Slashdot Mirror

← Back to Stories (view on slashdot.org)

OpenBSD 3.4 Released

Posted by timothy on from the new-poster-too dept.

tedu writes "We just couldn't wait another 2 days, so now you can enjoy OpenBSD 3.4 a little early and protect yourself from ghosts and goblins. More details at the OpenBSD website and official announcement. Remember to please use a mirror."

94 of 275 comments (clear)

  1. What he/she really meant is... by Anonymous Coward · · Score: 5, Informative


    "Remember to please use a mirror."

    1. Re:What he/she really meant is... by marcovje · · Score: 1


      That list doesn't list the mirrors of the ISO image, since OpenBSD only sells CDs, and does not provide an ISO.

      I found a home grown one using Google:

      http://news.jump.net.uk/openbsd-i386-3.4.iso

    2. Re:What he/she really meant is... by LordHunter317 · · Score: 4, Insightful

      DO NOT USE OpenBSD ISOs you randomly find on the Internet. During the 3.3 release, many people downloaded ISOS, only to find out that they were trojaned. This is not a safe, nor supported way, of installing OpenBSD.

      If you want the CDs so bad, buy them. They're only $40.

    3. Re:What he/she really meant is... by roka · · Score: 3, Informative

      or build them yourself

    4. Re:What he/she really meant is... by marcovje · · Score: 1


      They are $40, while I spend my time to get apps tow work with OpenBSD. And tomorrow every other open source team starts to do the same trick. I think _not_.

      Exit OpenBSD

      The trojan problem can be solved very easily. Let OpenBSD provide ISO's and md5sum them.

    5. Re:What he/she really meant is... by IM6100 · · Score: 2, Funny

      Funny how Microsoft says the same thing about Windows XP isos....

      --
      A Good Intro to NetBS
    6. Re:What he/she really meant is... by rosie_bhjp · · Score: 1

      OpenBSD is an operating system designed with code correctness and security as its primary goals. Downloading the ISO off kazaa or any other untrusted source pretty much negates the whole security aspect. Then misc@ gets filled with posts of OMG OBSD SUXORZZZ!!!1!! I GOT HAXORED!!! Well yeah ya dipshit what did you think was gonna happen?

      The same is true for XP. If you don't feel like plunking down the $150 for a proper copy of XP then dont run it, or at least don't bitch when you get trojaned.

      --
      A radio maverick jumps to internet only. The Future of Rock n Roll
    7. Re:What he/she really meant is... by molnarcs · · Score: 1

      This mirror (OFFICIAL, check mirror list on openbsd site) has the ISOs. GOOD ADVICE btw!

    8. Re:What he/she really meant is... by mirabilos · · Score: 1

      On the other hand,
      * their website does not support SSL (https)
      * their FTP servers, where you can get the
      CTM base {,split} files and deltas, does not
      support SSL (sftp)
      * their SSH servers' fingerprints aren't published,
      or even (better) a skeleton known_hosts file
      included on the CD
      * they don't provide signed RMD160 sums of the
      files on the CD (signed with pgp 2.6.3i{a,n},
      so even people like me that don't trust newer
      pgp/gpg versions can verify these)

      The MirOS project does most of these. Plus, we
      do provide a bootloader which is capable of
      handling hard discs larger than 8 GB in size.

      --
      My Karma isn't excellent, damn it! (And /. still does not get UTF-8 right in 2012. Wow.)
    9. Re:What he/she really meant is... by IM6100 · · Score: 1, Informative

      There are easy ways of 'signing' the ISO and keeping the 'signature', i.e. an MD5 sum, on a secured website and/or just widely distributing it.

      OpenBSD is selling a product, it's that simple, and it's acceptable for them to do so. However, the way that they do so detracts and even diminishes the security a little (widely distributing a way to 'validate' a downloaded version would enhance security)

      --
      A Good Intro to NetBS
    10. Re:What he/she really meant is... by mirabilos · · Score: 1

      I must say I will prove you wrong. Actually, it
      happens to be truth that MirOS cannot die:

      MirOS BSD and MirPorts is nothing else than MirBSD,
      which is defined as ``the contents of _my_ /usr/src
      and /usr/ports and thus cannot die by definitionem.

      MirOS Linux isn't even a pure BSD, so it's not
      dead either.

      Actually I think I proved you wrong. Jane.

      --
      My Karma isn't excellent, damn it! (And /. still does not get UTF-8 right in 2012. Wow.)
    11. Re:What he/she really meant is... by mirabilos · · Score: 1

      In case you mean me, I'm no stinking US American.

      --
      My Karma isn't excellent, damn it! (And /. still does not get UTF-8 right in 2012. Wow.)
    12. Re:What he/she really meant is... by Syberghost · · Score: 1

      The OpenBSD hackers' credo:

      Information wants to be $40.

  2. shocking concern by t0ny · · Score: 5, Funny
    Remember to please use a mirror

    Since when does Slashdot care about overloading webservers?

    --

    Manipulate the moderator system! Mod someone as "overrated" today.

    1. Re:shocking concern by Anonymous Coward · · Score: 4, Funny

      And here I thought it was a comment about personal grooming...

    2. Re:shocking concern by loraksus · · Score: 2, Funny

      Please. We "care" every single time a new link gets posted. It takes work to pick out the master link and set opera to refresh every second - especially when the editors post mirrors.

      That said, I thought freebsd was dying ;)

      --
      1q2w3e4r5t6y7u8i9o0pqawsedrftgthyjukilo;p'azsxdcfv gbhnjmk,l.;/
    3. Re:shocking concern by chadm1967 · · Score: 1, Insightful

      Okay, actually, this is OpenBSD......

      It's not funny when it's done right. It's extremely not funny when you do it wrong.

  3. Rubbish by imtheguru · · Score: 1

    Server is working just fine.

    --
    Yet Socrates himself is particularly missed.
    A lovely little thinker but a bugger when he's pissed.
  4. Re:Uhoh by Pingular · · Score: 1

    It appears I was wrong! From Netcraft:
    OS: Solaris Server: Apache/1.3.27 (Unix) PHP/4.3.1 mod_perl/1.27

    --

    When anger rises, think of the consequences.
    Confucius (551 BC - 479 BC)
  5. no, no, you don't understand... by jusdisgi · · Score: 5, Funny

    ...perfect code is irrelevant to security! Didn't you hear me?!

    -Bill

    --
    Given a choice between free speech and free beer, most people will take the beer.
    1. Re:no, no, you don't understand... by Anonymous Coward · · Score: 1, Interesting

      The truth is, perfect code *should* be irrelevant to security.
      I've been working with IT-security for 6 years, and the thing is, it doesn't matter how good of a programmer you are, eventually, you will fuck up; that's why security should be in the design, not the code, mostly in the design of the OS.
      VMS is a good example of this, there where a lot of shoddy code in VMS, but it's really secure -- by design!

      First design, then langue, least important is, or if done properly at least, the code itself.

    2. Re:no, no, you don't understand... by segment · · Score: 1

      Man oh man would I hate to have you in my shop. Hopefully you have no intentions of pursuing your CISSP or something similar. Code should be the upmost since it is the foundation. Let's go into a different subject for analogy shall we... You build a 4 story house made of the toughest concrete money can buy. You use the strongest nails, wood through the walls, and to bind it all together. Foundation oh no don't worry let's use rubber bands, hell all that 'security' we used on the walls and ultra 31337 concrete will support the house forget the foundation...

      Yea, I'm with you, if a hurricane comes crawling it won't do nothing because I used superconcrete 5.0... Don't you think that house can just be lifted as one piece and thrown.

      --
      MoFscker
    3. Re:no, no, you don't understand... by platipusrc · · Score: 1

      I think a better analogy for you would be something like this:

      design of project : design of house

      programming language : materials of house

      coding : putting together the house

      the coding wouldn't be the foundation, it would be the putting together of the materials of the entire house. If you have a good design and materials, a slight mistake somewhere shouldn't bring down the whole house.

      --
      And the muscular cyborg German dudes dance with sexy French Canadians
    4. Re:no, no, you don't understand... by jusdisgi · · Score: 1

      Hey, jackass...that was a JOKE! Didn't you read the story 4 hours before this one quoting Bill Gates as saying exactly what I just said? I mean, my name is not Bill. ...hence the +5 Funny.

      --
      Given a choice between free speech and free beer, most people will take the beer.
    5. Re:no, no, you don't understand... by jusdisgi · · Score: 1

      Wait...how is that not free? I don't get it...I mean, sure, the license doesn't force other people to keep *derivative works* free, but so what? Does that somehow restrict you? Does the fact that Microsoft can use BSD code in Windows (and does) somehow infringe upon the freedom of the BSD I run? No. The software has still been made available on extremely permissive terms...it's still free software.

      In fact, it's more free than GPL software....the GPL places lots of restrictions on distribution, impairing the user or developer's freedoms.

      In other words, just because bsd-style licensors let people relicense the software doesn't mean the original software, while bsd-licensed, isn't free. It's the fact that *it* (and not necessarily anything added to it by other parties) was available at least once under that license...that's what makes it free.

      BTW, yeah, I have an openbsd firewall, and two freebsd servers. And a bunch of linux desktops, including the one I work on all day. As it happens, I personally like the GPL approach better, mostly because of ideological issues with the software industry. But I can see both sides...lots of folks don't see any reason to keep people from commercializing their work. It's their work; I say let 'em.

      --
      Given a choice between free speech and free beer, most people will take the beer.
    6. Re:no, no, you don't understand... by jusdisgi · · Score: 2

      Ordinarily I would just let this go. But this guy is such a total cocksucker, I think I'll feel just a bit less disgusted if I dismantle his post.

      "They don't have the same brain power that you or I have."

      --Right. Like the brain power to detect dripping sarcasm in the parent post, as neither of you did? Or to notice its obvious relation to the story 4 down from this one? Or like the brain power required to see the fact that Blacks/Whites/Asians/etc. are actually *different species*? Man, that one even has the entirety of the scientific community fooled; you must be fucking brilliant!

      "They are a distant relative to be sure, but they are less evolved than humans."

      --What about my friend, a white man, his wife, who is black, and their daughter? Is she black, or white? And if she's black, does that make her a "distant relative" to her father? And while we're at it, doesn't the child by definition have to be "more evolved" than the parent? I mean, the child receives the full evolution inherent in the parent's genes, plus one more random resequencing.

      "Have you ever noticed how similar Negroes are to the apes in a zoo."

      --Have you ever noticed how questions tend to end with question marks? However, if you want to find out who's the more apeish, let's compare:

      1)They say that, given infinite time, a thousand monkeys with typewriters would write A Song Flung Up to Heaven by Maya Angelou.

      2)By contrast, one braindead monkey could come up with your post while eating bugs out of your mother's hair.

      "by Anonymous Coward"

      --Got that right. Could have said "by Anonymous white-trash bitch who's daddy should have pulled out and left him as a cumstain on the backseat of his pinto."

      --
      Given a choice between free speech and free beer, most people will take the beer.
    7. Re:no, no, you don't understand... by duffbeer703 · · Score: 1

      Holy cow! Where have you been all of these years! Has anyone ever told you that you are a true-blue absolutely amazing genius!

      Code is the implementation of design, fucktard. No matter what your UML diagram says, one or more bugs in critical parts of a design can lead to a security breach...

      --
      Conformity is the jailer of freedom and enemy of growth. -JFK
  6. Re:Uhoh by stefanjo · · Score: 1

    Nothing strange about that.

    http://www.openbsd.org/faq/faq8.html#wwwsolaris

  7. Re:OpenBSD performance facts by Krunch · · Score: 1

    Read more about it here.

    --
    No GNU has been Hurd during the making of this comment.
  8. OpenBSD is INSECURE, try Cryptech RAP BSD by Anonymous Coward · · Score: 3, Funny

    How can anyone trust an operating system like OpenBSD when its insecure, come on it still has a root account, You obvoously haven't used Cryptech Radicacally Advanced PowerBSD. This operating system uses the "swallow the key" principle. Once installed, you are pernemently in a sandbox, with NO WAY to get root access becasue THERE IS NONE, For extra security the Installation CDROM has a built in Self destruct mechanism. Once It installs it scans a special diode embedded into the disk and destroys the CDROM. No one has managed to hack a Cryptech RAP BSD box, and I have ran one connected to the Internet on a high volume site (10,000,000 hits a month) which publishes controversail material. Noone out of the THOUSANDS of kiddies have manged to get in so far, and good riddance.

  9. OpenBSD song by Malcolm+Scott · · Score: 5, Informative

    And make sure you listen to the release song too. It's great :-)

  10. Re:A message from Theo by Krunch · · Score: 2, Interesting
    From http://openbsd.org/errata33.html
    All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error. It is unclear whether or not this bug is exploitable.
    No exploit was publicly availiable before it has been fixed (AFAIK).
    --
    No GNU has been Hurd during the making of this comment.
  11. Thoughts on security by arvindn · · Score: 5, Interesting
    From the release notes:
    Thousands of occurrences of unsafe library calls such as strcpy(), strcat() and sprintf() have been changed to the safer alternatives strlcpy(), strlcat(), and snprintf() or asprintf() in one of the most intensive audits yet performed by the OpenBSD project. The kernel is now completely free of these functions, as is most of the userland source tree.
    That's certainly a good thing, but it raises the question of why they were there in the first place. I mean, everyone's known for ages that these are unsecure, and the manpage lists it a bug etc. Of course its a pain to keep track of the length of each string (making them fixed size is not always feasible), but I would have expected that in kernel level code convenience would take the back seat.

    Note: this is purely an academic question, it is not my intention to critisize anyone, but just to learn why these things happen, not being a very experienced programmer myself.

    1. Re:Thoughts on security by OttoM · · Score: 4, Informative

      The kernel has its own set of library functions, aptly named "the kernel library". This kernel library included strcpy() and strcat(), but not aymore.

    2. Re:Thoughts on security by __past__ · · Score: 5, Insightful
      That's certainly a good thing, but it raises the question of why they were there in the first place. I mean, everyone's known for ages that these are unsecure, and the manpage lists it a bug etc.
      You realize that OpenBSD is not a clean-room reimplementation of Unix? Most of the code is probably simply ages old, probably older than strlcpy and friends, or the OpenBSD project itself. Obviously, there was a time where programmers thought gets would be a useful function...
      --
      Programming can be fun again. Film at 11.
    3. Re:Thoughts on security by donhav · · Score: 2, Informative

      A openBSD release contains far, far more than just the kernel its all the userland as well. IE: things like grep and diff and csh. There are hundreds of these programs. The OpenBSd team puts a lot of effort into making the whole release secure not just the kernel.

    4. Re:Thoughts on security by dmiller · · Score: 4, Informative

      Note thst strcpy() and friends _can_ be used safely, and the usage of the ones in the tree before the removal had been audited at least once. For example, the following construct is safe (assuming you check the malloc return):

      len = strlen(foo) + 1;
      bar = malloc(len);
      strcpy(bar, foo);

      But is was easier to just banish them from the tree entirely, so that it is easier to grep for potentially unsafe ones when new code is imported.

    5. Re:Thoughts on security by Pierre · · Score: 2, Funny

      what we're not supposed to use strcpy?

    6. Re:Thoughts on security by hey · · Score: 2, Informative

      I can't think of any way to use gets() safely.

      s = malloc(INFINITY);
      gets(s);

    7. Re:Thoughts on security by sphealey · · Score: 1
      That's certainly a good thing, but it raises the question of why they were there in the first place. I mean, everyone's known for ages that these are unsecure, and the manpage lists it a bug etc.
      Two factors. First, there is a difference between "dangerous" and "unsafe". Explosives are dangerous but they are used safely on construction sites every day.

      Second, there is also danger in changing code that is known to work. I read a quote once from the IBM guy responsible for the core of IBM's MVS mainframe OS: "old code is good code". If it is known to be working, even if it uses dangerous tools, it is better to leave it be while you study the situation carefully and replace the dangerous (but not necessarily unsafe) tools in a controlled manner.

      sPh

    8. Re:Thoughts on security by zangdesign · · Score: 1

      Considering the times we live in now, where every little asshat is trying to get into your computer by any means possible, sometimes for no better reason than because they can, it is probably best to remove the old code that may be exploited.

      At least until they make hacking punishable by instant death.

      --
      To celebrate the occasion of my 1000th post, I will post no more forever on Slashdot. Goodbye.
    9. Re:Thoughts on security by damballah · · Score: 1

      Does the linux kernel still have those occurences of strcpy(), etc?

    10. Re:Thoughts on security by Anonymous Coward · · Score: 2, Insightful

      "Too lazy (or too dumb) to use grep(1)?"

      Figures that someone would be an asshole about this. Perhaps the guy doesn't use Linux and it's a pain in the ass to go download all the source, uncompress it, and then grep it out when there's someone that already knows the answer to this simple question?

      Sheesh, grow up.

    11. Re:Thoughts on security by dmiller · · Score: 1

      You are right, but you can use width specifiers, e.g. sprintf(bar, "(%.10s)\n", foo);

    12. Re:Thoughts on security by multi+io · · Score: 1
      I can't think of any way to use gets() safely.

      You just have to ensure externally that stdin fulfils specific constraints (EOF or '\0' among the next N characters, for some known N). This may well be possible, for example if you've redirected stdin to a trusted file with known contents, or your program is at the receiving end of an internal pipe in a larger system of trusted interoperating programs you've all written yourself, so you know exactly how stdin looks.

    13. Re:Thoughts on security by tmp_user · · Score: 1

      > Most of the code is probably simply ages old, probably older than strlcpy and friends, or the OpenBSD project itself.

      Considering that Todd Miller and Theo de Raadt implemented strl* in 1996 ( http://www.courtesan.com/todd/papers/strlcpy.html ) and OpenBSD was forked from NetBSD in '95 (which is quite old itself ( http://netbsd.org/Misc/history.html )) I'd say that that's an understatement...

  12. Why the delay? by stu_coates · · Score: 1

    Looks like the announcement has been delayed a little as I've had the OpenBSD3.4 CDs for over a week now, ordered from the OpenBSD online store!

    1. Re:Why the delay? by Krunch · · Score: 2, Informative

      I think people who order the CD get it before it is availiable from FTP. The FTP release was set for November 1 but it was changed to October 30. http://deadly.org/article.php3?sid=20031030183459& mode=flat

      --
      No GNU has been Hurd during the making of this comment.
    2. Re:Why the delay? by ryanr · · Score: 2

      Me too. I had pre-ordered 3.4 a month or so ago when the idiots were crowing about the OpenSSH patches, as a way to support the OpenBSD project. I think they showed up last weekend.

      Buy the CDs people, and support the project. Plus, you get the OpenBSD songs in full Redbook glory, and stickers!

    3. Re:Why the delay? by puff+the+barbarian · · Score: 1, Informative
      and stickers!

      Sadly, my OBSD3.4 CD set included no stickers. Did anyone else get deprived of their stickers?
  13. From the changelog by debilo · · Score: 5, Funny

    Remove unlicensed MATH_EMULATE code (written by some guy named Torvalds) from the kernel, leaving only the GNU emulation code for the moment.

    Gotta love that.

    1. Re:From the changelog by Anonymous Coward · · Score: 1, Informative

      You don't understand the *bsd license.

      It is 100% incompatible with the GPL.

      Code can not be released under both.

      It doesn't matter how good or bad the Torald's code is. That has nothing to do with it.

      Shortcut description: bsd code is truly free as in free-for-any-use-just-put-our-notice-on-it but gpl code is only free as in free-but-only-if-you-give-us-any-changes-and-any-o ther-code-that-interacts-too-closely-with-ours.

  14. Unfortunately by Ryvar · · Score: 5, Informative

    Unlike 3.3, which made it months before a single security-related patch was issued, 3.4 LAUNCHES with 3 such patches.

    That said, it's such a huge release in terms of changes made (x86 Write or eXecute memory pages, for one) that it's more than worth the upgrade.

    As with most such fundamental updates to OBSD, though, I expect this release to be significantly patchier than the last couple.

    --Ryv

    1. Re:Unfortunately by braddeicide · · Score: 2, Informative

      Its been released with patches cause its already a month old before its released onto ftp

    2. Re:Unfortunately by KrispyKringle · · Score: 1

      I only see one security patch and two reliability patches. And all of these patches are for vulnerabilities affecting 3.3, which are so recent they simply had not been fixed in the 3.4 release. I don't see that as a very big deal. When you first install RedHat from CD, even if you just downloaded the ISO, you better well patch from the Internet.

  15. Binary format changed to ELF by snake_dad · · Score: 5, Insightful
    Be careful when upgrading from older versions of OpenBSD, the upgrade procedure for i386 is a little bit more complicated than usual. As noted here and here. There's a document describing a possible upgrade path available from 3.3 to 3.4.

    As I was lucky enough to run into this on a relatively new install I could just do a complete reinstall, but not reading the upgrade instructions can get you in a lot of trouble this time... :)

    --
    karma capped .sig seeking available Slashdot poster for long-term relationship.
    1. Re:Binary format changed to ELF by stefanjo · · Score: 1

      If I remember correctly it was because prior to the adding of W^X there were no need to switch to ELF. I could be wrong though.

    2. Re:Binary format changed to ELF by ^BR · · Score: 1

      Well, unlike under Linux, OpenBSD had shared libs in a.out already so there was no ELF features that where really needed. The main reason for going to ELF was that binutils are only well maintained for ELF and the cost of the change was inferior to the cost of maintaining a.out in binutils. And ELF binaries made W^X way easier.

  16. Re:How RedHat's Linux Can Defeat Micr$oft's Windoz by Anonymous Coward · · Score: 1, Informative

    You're wrong. TCP/IP was developed by Berkely and later included in AT&T Unix. Microsoft's TCP/IP is derived from the Berkely (BSD) version.

  17. Mirror Operators, Report! by Anonymous Coward · · Score: 2, Interesting

    Does anyone who runs a mirror care to describe the traffic hit that comes with the rush to download 3.4? I remember seeing the stats for the FreeBSD Walnut Creek server handling tons of traffic whenever the next version of something it was serving was released. Generally it was RedHat, ironically.

    While I order CDs to support the project, I run snapshots for many things, and being close to a mirror (OC-3 linking our sites), it takes minutes to install via ftp.

    1. Re:Mirror Operators, Report! by marcovje · · Score: 1


      There is no spike. OpenBSD as only OSS OS doesn't provide ISO's, you need to do your own final release building step, this to keep CD sales up

      Everybody downloads it homegrown ISO's from non official mirrors.

    2. Re:Mirror Operators, Report! by Homology · · Score: 1
      There is no spike. OpenBSD as only OSS OS doesn't provide ISO's, you need to do your own final release building step, this to keep CD sales up

      SuSE does the same, actually.

    3. Re:Mirror Operators, Report! by marcovje · · Score: 1


      Which is why I don't use SUSE either.

  18. Re:OpenBSD performance facts by quigonn · · Score: 4, Funny

    And you think the discussion on the OpenBSD side was less biased? Well, I'll just show you some of the comments from misc@openbsd.org about the article:

    "Because as Lars pointed out before, benchmarks are seldom little more than a great way to use numbers to prove your point. Especially coming from this overtly pro-linux, anti-openbsd in the flesh little devil Felix. The benchmarks he provides serve little more than to feed his
    pro-linux ego and no real interest in improving OpenBSD, and neither do your (collectively) rantings as to this being proof that OpenBSD is broken. [...] The intuitive way to meet this attitude is to benchmark now the security advantages of OpenBSD where it outperforms Linux."

    "Leitner is a linux bigot, he's very anti-openbsd (obvious to anyone who's ever read his rantings), the tests shows OpenBSD in a bad light, draw your own conclusions."

    "I have better things to do than testing networking performance of operating systems. I'm very busy already. I've chosen OpenBSD as my server OS, because security is my main concern. I like it a lot. So far, nothing I've read has convinced me to install something else. I took time however to discredit (rightfully I think) this guy's test, because it struck me as being very unjust."

    "Theo could easily rewrite OpenBSD to thrash these other OSes, real things like multiprocessor support are a real drag for them, so OpenBSD could be heaps faster. But who cares how many binds/second can be done, this isn't real "work", so what does it prove?"

    I especially like the last one. :-) It shows the real attitude of most OpenBSD fanboys. Later, in the newsgroup de.alt.sysadmin.recovery, Felix summarized what kind of emails he got from the different projects. Some of the Linux people found it interesting, FreeBSD seems to have been quite friendly too (a few asked about benchmarking 4.8), the NetBSD people immediately explained why the mmap benchmark measured a worst case situation in NetBSD, and immediately started improving NetBSD performance-wise. But about OpenBSD he wrote that he only got only two emails that were not insulting. Some people even explained to him that the 1024 cylinder limit he mentioned in the article doesn't exist (it does! I know one person that tried to fix it, but his patches were not taken because he used intel syntax instead of AT&T syntax in some assembler files), and some people said that OpenBSD doesn't crash as he described. So far, the crash could be reproduced and is in the OpenBSD bugtracking system.

    --
    A monkey is doing the real work for me.
  19. Re:OpenBSD performance facts by Anonymous Coward · · Score: 1, Insightful

    And of course you are completely unbiased. I note you did not give a sampling of the many posts that acknowledge OpenBSD is never going to be the best performing OS out there. And it is pretty obvious the developers trade off performance for security (in both their effort and their designs). Are Linux and FreeBSD better performers? Do they scale better than OpenBSD? Yes. Of course they do. Is it a big deal? Well, that depends on what you want to do doesn't it?

  20. Yes, by Anonymous Coward · · Score: 1, Funny

    it will be called the "Tombstone".

  21. Re:OpenBSD performance facts by Krunch · · Score: 1
    <hoponpopa> the difference between netbsd, freebsd, and openbsd, as an insider is freebsd is interested in getting things done, and doesn't mind hurting people who get in their way.
    <hoponpop> netbsd is interested in making sure nothing gets done, and doesn't mind hurting people who try to accomplish things.
    <hoponpop> openbsd is interested in looking good, and doesn't hurt anyone in their own little community, but look out everybody else!
    I don't know if this quote reflects the reality but the only *BSD I ever used is OpenBSD for my firewall/gateway. It runs fine for some months now and I can't see any reason why I should change to Linux or another *BSD (I love pf).
    --
    No GNU has been Hurd during the making of this comment.
  22. I think his question by mindstrm · · Score: 2, Insightful

    was more like
    "Given the ferocity with which the OpenBSD nazis fix things like this in their code wouldn't this sort of thing, in the kernel, be one of the first things they did?"

    Indeed, I thought this was done quite a while ago...

    1. Re:I think his question by __past__ · · Score: 2, Funny

      Maybe they were busy with their "security by repeated assertion" strategy before.

      --
      Programming can be fun again. Film at 11.
  23. Don't worry about the ghosts and goblins... by awarnack · · Score: 4, Funny

    It's the DAEMONS you have to worry about... (it had to be said, right? RIGHT???)

  24. Re:How RedHat's Linux Can Defeat Micr$oft's Windoz by marcovje · · Score: 1


    TCP/IP was developped for 4.3 BSD NET/2 release funded by a governmental DARPA grant.

    All other OSes borrowed from it, and Microsoft didn't steal it, since Microsoft pays taxes too.

  25. TCP/IP by ndavidg · · Score: 4, Interesting

    From a University of Texas CS instructor's web site:

    The Transmission Control Protocol was first formally specified in December of 1974 by Vint Cerf, Yogen Dalal and Carl Sunshine.

    The link can be found here:

    http://www.cs.utexas.edu/users/chris/think/Early_D ays_Of_TCP/index.shtml

    And supporting documentation will be found here:

    http://www.cs.utexas.edu/users/chris/think/Early_D ays_Of_TCP/Annotated_Bibliography/index.shtml

    1. Re:TCP/IP by Vint+Cerf · · Score: 1

      You know, I think you're right.

    2. Re:TCP/IP by ndavidg · · Score: 1

      It's nice to have an unbiased opinion agree.

  26. Just a thought ... by Scholasticus · · Score: 1

    Since everyone else is doing it now, why isn't there a *.torrent file for this release of OpenBSD?

  27. Re:Europe is living through fascism it now by Theatetus · · Score: 1

    Because in English abstract nouns usually do not receive the definite article [see Mosse -- accent aigu on the "e" but I'm too lazy to look up the escape code -- for a good history of that]. Hence "Man" referring to humanity in general (compare "l'homme" or "ho anthropos"), or in this case "World Peace" referring to the idea of peace in the world.

    --
    All's true that is mistrusted
  28. WRONG by Anonymous Coward · · Score: 2, Informative

    You can relicense the code. Look at the numerous projects out there that are avaliable under multiple licenses.

    1. Re:WRONG by Anonymous Coward · · Score: 1, Insightful

      But then what's the point of releasing it under the GPL? One could alyways take the BSDL instead and bypass the restrictions.

    2. Re:WRONG by Anonymous Coward · · Score: 1, Informative

      The point is, if you were nice enough, you might be able to convince Linus to re-relase a sliver of his code (in this case the math emulation code in question) under the BSD license.

  29. Via C3 support by Gothmolly · · Score: 3, Interesting

    1.6 Gbit/sec of AES-128? Damn, I gotta get me one of these!

    --
    I want to delete my account but Slashdot doesn't allow it.
    1. Re:Via C3 support by Homology · · Score: 5, Informative

      1.6 Gbit/sec of AES-128? Damn, I gotta get me one of these!

      This is before optimization is done, and according to Theo, this is what they are doing right now. The chip is capable of 12.5 Gbit.

  30. Re:To: OpenBSD team From: Security Exploits by ryanr · · Score: 1


    1 point for sarcasm, -2 points for not knowing that the p designation refers to the portable version of OpenSSH, not patch release.

  31. Re:A message from Theo by ryanr · · Score: 1

    At most 2, if the first one found is shown to be exploitable at some point. The other one was in the portable (i.e. non-OpenBSD) version of OpenSSH only.

  32. Re:Just a thought ... Go buy the official CD's by Anonymous Coward · · Score: 4, Insightful

    Because OpenBSD does not offer any iso images for download. The official iso images are copyrighted by Theo and can only be gotten by buying the CD's or by pirating them. Or course you could make your own homebrew iso images, that's perfectly legal, and then distribute them as torrent files. But the OpenBSD project depends on CD sales to fund the continued development of the OS. Go buy the official CD's.

  33. Re:Guess what... by damballah · · Score: 2

    Thanks for being so understanding, I don't have broadband. I figure that it would be common knowledge whether linux used safe calls to these functions or not...I didn't ask you to go through the sources, btw. You put yourself through that.

  34. Ports, Not Kernel by KrispyKringle · · Score: 1
    The quote was that "running it over the source and ports trees revealed over a hundred" uses. Now, you may be right to criticize the source tree occurrences--after all, what about that long, long time spent reviewing and auditing all the existing code (three years, if I remember right)--but the ports tree is specifically described as often unaudited and out of date. The ports tree is entirely third-party applications, and the OpenBSD project takes no responsibility for them. Things are hit or miss, and this is just a case of them hitting the mark and fixing a problem that wasn't really theirs anyway.

    OpenBSD makes a distinction between ports and packages; packages are recommended because they are maintained actively and more thoroughly audited; ports are sort of `use at your own risk'.

  35. Re:To: OpenBSD team From: Security Exploits by SuperBanana · · Score: 1
    1 point for sarcasm, -2 points for not knowing that the p designation refers to the portable version of OpenSSH, not patch release.

    Zero points for not being able to pull your head out of your ass and laugh, and for chrissakes, it was NOT a troll, it was a JOKE. Jesus you OpenBSD people are touchy.

    --
    Please help metamoderate.
  36. Re:OpenBSD performance facts by Caligari · · Score: 4, Informative
    Instead of judging the entire OpenBSD community by a couple of random emails on misc@ (which is the mailing list specifically for stupid questions and answers), why don't you report what the tech@ people were saying?

    If you did, you would how the ACTUAL OpenBSD developers responded to fefe's benchmarks.

    For example, here is what Ted Unangst (a very major committer to OpenBSD) replied to requests for help improving performance:

    "apply the patch below to your mmap benchmark. a real application is unlikely to use pread and mmap. openbsd uses a separate cache for read and mmap calls. while it seems you are attempting to time only a page fault with cached data, that is not happening on openbsd.

    the results for all other OS should remain the same, but OpenBSD improves dramatically. the adjusted benchmark is a much closer match to application behavior in reality."
    Which was followed by above-mentioned patch.

    I don't think it's fair for you to judge an entire operating system community based on the contents of a few selected emails. By doing so, you are being just as biased as you say the others are.

    --
    The moving cursor writes, and having written, blinks on.
  37. C'mon OBSD!! by devphaeton · · Score: 3, Interesting

    Can't you hurry up? Look at the front page of bsd.slashdot.org....

    Freebsd released 4.9 before your 3.4!!!

    (j/k)

    On a side note, reading the 2nd or 3rd post about trojaned obsd ISOs floating around the web is really sad and upsetting. I love the open sharing of software and source code around the internet, but i always fear that someday it will be to a point that *everything* has been tampered with, essentially creating a need to look through more source code than anyone has time for. Sure we can solve this with technology (such as with MD5 Checksums) but as we create smarter verification, the internet will create smarter shitheads. I'd hate to think that it will eventually degrade into a win-some/lose-some cat-and-mouse game.

    I actually lost some sleep few months back when the GNU folks announced that their main ftp site got compromised. I realise that servers get cracked every day, but when it's gnu/linux/bsd/oss folks it feels personal.

    I'm not well acquainted with any $krYp+ KyddI3z, cr4x0rz or know what they use, but i'll be willing to bet that their OS and many of their tools are based on software from those they are attacking.

    Assholes.

    --


    do() || do_not(); // try();
  38. Re:OpenBSD performance facts by mirabilos · · Score: 1

    Hey, I know you :)

    You're actually reading comments on /.
    You must be bored then :)

    --
    My Karma isn't excellent, damn it! (And /. still does not get UTF-8 right in 2012. Wow.)
  39. Re:A message from Theo by mirabilos · · Score: 4, Informative

    The two bugs you mention, weren't actually bugs
    in OpenBSD.

    * one was a bug in PAM and most GNU vendors
    * one is a bug, but can't be exploited due to
    W^X, propolice, NXSTACK, NXHEAP and friends.

    Heck, I've tried the gobbles exploit again
    against OpenBSD-2.9-OpenSSH where it worked
    back then. It failed to run due to these four.

    --
    My Karma isn't excellent, damn it! (And /. still does not get UTF-8 right in 2012. Wow.)
  40. Re:To: OpenBSD team From: Security Exploits by ryanr · · Score: 1

    Heh, rather amusing since you're guilty of exactly the thing you accuse me of. :)

  41. Re:OpenBSD performance facts by mcroot · · Score: 2, Insightful

    Perhaps I'm being a little too demanding. But if you can't properly operate the disk partitioning tools for an OS, maybe you aren't really qualified to be doing benchmarks on it.

    Most of the comments about Felix being an idiot have good reason for doing so. He went out of his way to trash talk OpenBSD, and most of the problems he encountered were as a direct result of his inability to RTFM. Why should the OpenBSD community have any patience for someone who bechmarks first and ask's questions later ?

  42. Re:OpenBSD performance facts by ajr_trm · · Score: 1

    It runs fine for some months now and I can't see any reason why I should change to Linux or another *BSD (I love pf).

    You can use pf with FreeBSD pf_freebsd-1.0_7 as well as ipf and ipfw. For me the reason for using OpenBSD for firewalls in the past was that it had altq integrated in kernel and that time if you wanted to use altq with FreeBSD you had to apply patches for "release" kernel version. Now altq is in FreeBSD kernel too.