Slashdot Mirror


OpenBSD 3.4 Released

tedu writes "We just couldn't wait another 2 days, so now you can enjoy OpenBSD 3.4 a little early and protect yourself from ghosts and goblins. More details at the OpenBSD website and official announcement. Remember to please use a mirror."

41 of 275 comments

  1. What he/she really meant is... by Anonymous Coward · · Score: 5, Informative


    "Remember to please use a mirror."

    1. Re:What he/she really meant is... by LordHunter317 · · Score: 4, Insightful

      DO NOT USE OpenBSD ISOs you randomly find on the Internet. During the 3.3 release, many people downloaded ISOs, only to find out that they were trojaned. This is not a safe, nor supported, way of installing OpenBSD.

      If you want the CDs so bad, buy them. They're only $40.

    2. Re:What he/she really meant is... by roka · · Score: 3, Informative
    3. Re:What he/she really meant is... by IM6100 · · Score: 2, Funny

      Funny how Microsoft says the same thing about Windows XP isos....

      --
      A Good Intro to NetBS
  2. shocking concern by t0ny · · Score: 5, Funny
    Remember to please use a mirror

    Since when does Slashdot care about overloading webservers?

    --

    Manipulate the moderator system! Mod someone as "overrated" today.

    1. Re:shocking concern by Anonymous Coward · · Score: 4, Funny

      And here I thought it was a comment about personal grooming...

    2. Re:shocking concern by loraksus · · Score: 2, Funny

      Please. We "care" every single time a new link gets posted. It takes work to pick out the master link and set opera to refresh every second - especially when the editors post mirrors.

      That said, I thought freebsd was dying ;)

      --
      1q2w3e4r5t6y7u8i9o0pqawsedrftgthyjukilo;p'azsxdcfv gbhnjmk,l.;/
  3. no, no, you don't understand... by jusdisgi · · Score: 5, Funny

    ...perfect code is irrelevant to security! Didn't you hear me?!

    -Bill

    --
    Given a choice between free speech and free beer, most people will take the beer.
    1. Re:no, no, you don't understand... by jusdisgi · · Score: 2

      Ordinarily I would just let this go. But this guy is such a total cocksucker, I think I'll feel just a bit less disgusted if I dismantle his post.

      "They don't have the same brain power that you or I have."

      --Right. Like the brain power to detect dripping sarcasm in the parent post, as neither of you did? Or to notice its obvious relation to the story 4 down from this one? Or like the brain power required to see the fact that Blacks/Whites/Asians/etc. are actually *different species*? Man, that one even has the entirety of the scientific community fooled; you must be fucking brilliant!

      "They are a distant relative to be sure, but they are less evolved than humans."

      --What about my friend, a white man, his wife, who is black, and their daughter? Is she black, or white? And if she's black, does that make her a "distant relative" to her father? And while we're at it, doesn't the child by definition have to be "more evolved" than the parent? I mean, the child receives the full evolution inherent in the parent's genes, plus one more random resequencing.

      "Have you ever noticed how similar Negroes are to the apes in a zoo."

      --Have you ever noticed how questions tend to end with question marks? However, if you want to find out who's the more apeish, let's compare:

      1)They say that, given infinite time, a thousand monkeys with typewriters would write A Song Flung Up to Heaven by Maya Angelou.

      2)By contrast, one braindead monkey could come up with your post while eating bugs out of your mother's hair.

      "by Anonymous Coward"

      --Got that right. Could have said "by Anonymous white-trash bitch who's daddy should have pulled out and left him as a cumstain on the backseat of his pinto."

      --
      Given a choice between free speech and free beer, most people will take the beer.
  4. OpenBSD is INSECURE, try Cryptech RAP BSD by Anonymous Coward · · Score: 3, Funny

    How can anyone trust an operating system like OpenBSD when it's insecure? Come on, it still has a root account. You obviously haven't used Cryptech Radically Advanced PowerBSD. This operating system uses the "swallow the key" principle. Once installed, you are permanently in a sandbox, with NO WAY to get root access because THERE IS NONE. For extra security the installation CDROM has a built-in self-destruct mechanism. Once it installs, it scans a special diode embedded into the disk and destroys the CDROM. No one has managed to hack a Cryptech RAP BSD box, and I have run one connected to the Internet on a high volume site (10,000,000 hits a month) which publishes controversial material. No one out of the THOUSANDS of kiddies has managed to get in so far, and good riddance.

  5. OpenBSD song by Malcolm+Scott · · Score: 5, Informative

    And make sure you listen to the release song too. It's great :-)

  6. Re:A message from Theo by Krunch · · Score: 2, Interesting
    From http://openbsd.org/errata33.html
    All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error. It is unclear whether or not this bug is exploitable.
    No exploit was publicly available before it was fixed (AFAIK).
    --
    No GNU has been Hurd during the making of this comment.
  7. Thoughts on security by arvindn · · Score: 5, Interesting
    From the release notes:
    Thousands of occurrences of unsafe library calls such as strcpy(), strcat() and sprintf() have been changed to the safer alternatives strlcpy(), strlcat(), and snprintf() or asprintf() in one of the most intensive audits yet performed by the OpenBSD project. The kernel is now completely free of these functions, as is most of the userland source tree.
    That's certainly a good thing, but it raises the question of why they were there in the first place. I mean, everyone's known for ages that these are unsecure, and the manpage lists it as a bug etc. Of course it's a pain to keep track of the length of each string (making them fixed size is not always feasible), but I would have expected that in kernel level code convenience would take the back seat.

    Note: this is purely an academic question, it is not my intention to criticize anyone, but just to learn why these things happen, not being a very experienced programmer myself.

    1. Re:Thoughts on security by OttoM · · Score: 4, Informative

      The kernel has its own set of library functions, aptly named "the kernel library". This kernel library included strcpy() and strcat(), but not anymore.

    2. Re:Thoughts on security by __past__ · · Score: 5, Insightful
      That's certainly a good thing, but it raises the question of why they were there in the first place. I mean, everyone's known for ages that these are unsecure, and the manpage lists it as a bug etc.
      You realize that OpenBSD is not a clean-room reimplementation of Unix? Most of the code is probably simply ages old, probably older than strlcpy and friends, or the OpenBSD project itself. Obviously, there was a time where programmers thought gets would be a useful function...
    3. Re:Thoughts on security by donhav · · Score: 2, Informative

      An OpenBSD release contains far, far more than just the kernel; it's all the userland as well, i.e. things like grep and diff and csh. There are hundreds of these programs. The OpenBSD team puts a lot of effort into making the whole release secure, not just the kernel.

    4. Re:Thoughts on security by dmiller · · Score: 4, Informative

      Note that strcpy() and friends _can_ be used safely, and the usage of the ones in the tree before the removal had been audited at least once. For example, the following construct is safe (assuming you check the malloc return):

      len = strlen(foo) + 1;
      bar = malloc(len);
      strcpy(bar, foo);

      But it was easier to just banish them from the tree entirely, so that it is easier to grep for potentially unsafe ones when new code is imported.
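
Added example, not part of the comment above and not OpenBSD code: the exact-size strcpy() construct with its malloc check, beside a copy into a fixed-size buffer where the strlcpy()-style return value is what reveals truncation. The names copy_bounded, dup_exact and set_name are hypothetical; copy_bounded is a local stand-in with strlcpy() semantics so the code builds on libcs that lack strlcpy().

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in with strlcpy() semantics (hypothetical name). Copies at most
 * size-1 bytes, always NUL-terminates when size > 0, and returns
 * strlen(src) so the caller can detect truncation. */
size_t copy_bounded(char *dst, const char *src, size_t size)
{
    size_t srclen = strlen(src);

    if (size > 0) {
        size_t n = srclen < size - 1 ? srclen : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* The construct from the comment: strcpy() into a buffer sized from the
 * source itself, with the malloc return checked. Returns NULL on
 * allocation failure; the caller frees the result. */
char *dup_exact(const char *foo)
{
    size_t len = strlen(foo) + 1;
    char *bar = malloc(len);

    if (bar == NULL)
        return NULL;
    strcpy(bar, foo);
    return bar;
}

/* Fixed-size destination: the return value must be checked.
 * Returns 0 on success, -1 if src did not fit (dst then holds a
 * truncated but still NUL-terminated prefix). */
int set_name(char *dst, size_t dstsize, const char *src)
{
    if (copy_bounded(dst, src, dstsize) >= dstsize)
        return -1;
    return 0;
}

int main(void)
{
    char name[8];
    const char *long_input = "constructed-input-longer-than-8"; /* constructed sample */
    char *copy = dup_exact(long_input);

    if (copy == NULL)
        return 1;
    printf("dup_exact: %s\n", copy);
    free(copy);
    if (set_name(name, sizeof(name), long_input) != 0)
        printf("truncated to \"%s\", caller must handle it\n", name);
    if (set_name(name, sizeof(name), "short") == 0)
        printf("fits: %s\n", name);
    return 0;
}
```

A bounded copy that silently truncates can still cause logic errors (a shortened path or user name), which is why set_name reports the condition instead of hiding it.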

    5. Re:Thoughts on security by Pierre · · Score: 2, Funny

      what we're not supposed to use strcpy?

    6. Re:Thoughts on security by hey · · Score: 2, Informative

      I can't think of any way to use gets() safely.

      s = malloc(INFINITY);
      gets(s);

    7. Re:Thoughts on security by Anonymous Coward · · Score: 2, Insightful

      "Too lazy (or too dumb) to use grep(1)?"

      Figures that someone would be an asshole about this. Perhaps the guy doesn't use Linux and it's a pain in the ass to go download all the source, uncompress it, and then grep it out when there's someone that already knows the answer to this simple question?

      Sheesh, grow up.

  8. From the changelog by debilo · · Score: 5, Funny

    Remove unlicensed MATH_EMULATE code (written by some guy named Torvalds) from the kernel, leaving only the GNU emulation code for the moment.

    Gotta love that.

  9. Unfortunately by Ryvar · · Score: 5, Informative

    Unlike 3.3, which made it months before a single security-related patch was issued, 3.4 LAUNCHES with 3 such patches.

    That said, it's such a huge release in terms of changes made (x86 Write or eXecute memory pages, for one) that it's more than worth the upgrade.

    As with most such fundamental updates to OBSD, though, I expect this release to be significantly patchier than the last couple.

    --Ryv

    1. Re:Unfortunately by braddeicide · · Score: 2, Informative

      It's been released with patches 'cause it's already a month old before it's released onto ftp

  10. Binary format changed to ELF by snake_dad · · Score: 5, Insightful
    Be careful when upgrading from older versions of OpenBSD, the upgrade procedure for i386 is a little bit more complicated than usual. As noted here and here. There's a document describing a possible upgrade path available from 3.3 to 3.4.

    As I was lucky enough to run into this on a relatively new install I could just do a complete reinstall, but not reading the upgrade instructions can get you in a lot of trouble this time... :)

    --
    karma capped .sig seeking available Slashdot poster for long-term relationship.
  11. Re:Why the delay? by Krunch · · Score: 2, Informative

    I think people who order the CD get it before it is available from FTP. The FTP release was set for November 1 but it was changed to October 30. http://deadly.org/article.php3?sid=20031030183459&mode=flat

    --
    No GNU has been Hurd during the making of this comment.
  12. Mirror Operators, Report! by Anonymous Coward · · Score: 2, Interesting

    Does anyone who runs a mirror care to describe the traffic hit that comes with the rush to download 3.4? I remember seeing the stats for the FreeBSD Walnut Creek server handling tons of traffic whenever the next version of something it was serving was released. Generally it was RedHat, ironically.

    While I order CDs to support the project, I run snapshots for many things, and being close to a mirror (OC-3 linking our sites), it takes minutes to install via ftp.

  13. Re:OpenBSD performance facts by quigonn · · Score: 4, Funny

    And you think the discussion on the OpenBSD side was less biased? Well, I'll just show you some of the comments from misc@openbsd.org about the article:

    "Because as Lars pointed out before, benchmarks are seldom little more than a great way to use numbers to prove your point. Especially coming from this overtly pro-linux, anti-openbsd in the flesh little devil Felix. The benchmarks he provides serve little more than to feed his pro-linux ego and no real interest in improving OpenBSD, and neither do your (collectively) rantings as to this being proof that OpenBSD is broken. [...] The intuitive way to meet this attitude is to benchmark now the security advantages of OpenBSD where it outperforms Linux."

    "Leitner is a linux bigot, he's very anti-openbsd (obvious to anyone who's ever read his rantings), the tests shows OpenBSD in a bad light, draw your own conclusions."

    "I have better things to do than testing networking performance of operating systems. I'm very busy already. I've chosen OpenBSD as my server OS, because security is my main concern. I like it a lot. So far, nothing I've read has convinced me to install something else. I took time however to discredit (rightfully I think) this guy's test, because it struck me as being very unjust."

    "Theo could easily rewrite OpenBSD to thrash these other OSes, real things like multiprocessor support are a real drag for them, so OpenBSD could be heaps faster. But who cares how many binds/second can be done, this isn't real "work", so what does it prove?"

    I especially like the last one. :-) It shows the real attitude of most OpenBSD fanboys. Later, in the newsgroup de.alt.sysadmin.recovery, Felix summarized what kind of emails he got from the different projects. Some of the Linux people found it interesting, FreeBSD seems to have been quite friendly too (a few asked about benchmarking 4.8), the NetBSD people immediately explained why the mmap benchmark measured a worst case situation in NetBSD, and immediately started improving NetBSD performance-wise. But about OpenBSD he wrote that he got only two emails that were not insulting. Some people even explained to him that the 1024 cylinder limit he mentioned in the article doesn't exist (it does! I know one person that tried to fix it, but his patches were not taken because he used intel syntax instead of AT&T syntax in some assembler files), and some people said that OpenBSD doesn't crash as he described. So far, the crash could be reproduced and is in the OpenBSD bugtracking system.

    --
    A monkey is doing the real work for me.
  14. I think his question by mindstrm · · Score: 2, Insightful

    was more like
    "Given the ferocity with which the OpenBSD nazis fix things like this in their code wouldn't this sort of thing, in the kernel, be one of the first things they did?"

    Indeed, I thought this was done quite a while ago...

    1. Re:I think his question by __past__ · · Score: 2, Funny

      Maybe they were busy with their "security by repeated assertion" strategy before.

  15. Don't worry about the ghosts and goblins... by awarnack · · Score: 4, Funny

    It's the DAEMONS you have to worry about... (it had to be said, right? RIGHT???)

  16. TCP/IP by ndavidg · · Score: 4, Interesting

    From a University of Texas CS instructor's web site:

    The Transmission Control Protocol was first formally specified in December of 1974 by Vint Cerf, Yogen Dalal and Carl Sunshine.

    The link can be found here:

    http://www.cs.utexas.edu/users/chris/think/Early_Days_Of_TCP/index.shtml

    And supporting documentation will be found here:

    http://www.cs.utexas.edu/users/chris/think/Early_Days_Of_TCP/Annotated_Bibliography/index.shtml

  17. Re:Why the delay? by ryanr · · Score: 2

    Me too. I had pre-ordered 3.4 a month or so ago when the idiots were crowing about the OpenSSH patches, as a way to support the OpenBSD project. I think they showed up last weekend.

    Buy the CDs people, and support the project. Plus, you get the OpenBSD songs in full Redbook glory, and stickers!

  18. WRONG by Anonymous Coward · · Score: 2, Informative

    You can relicense the code. Look at the numerous projects out there that are available under multiple licenses.

  19. Via C3 support by Gothmolly · · Score: 3, Interesting

    1.6 Gbit/sec of AES-128? Damn, I gotta get me one of these!

    --
    I want to delete my account but Slashdot doesn't allow it.
    1. Re:Via C3 support by Homology · · Score: 5, Informative

      1.6 Gbit/sec of AES-128? Damn, I gotta get me one of these!


      This is before optimization is done, and according to Theo, this is what they are doing right now. The chip is capable of 12.5 Gbit.

  20. Re:Just a thought ... Go buy the official CD's by Anonymous Coward · · Score: 4, Insightful

    Because OpenBSD does not offer any iso images for download. The official iso images are copyrighted by Theo and can only be gotten by buying the CD's or by pirating them. Of course you could make your own homebrew iso images, that's perfectly legal, and then distribute them as torrent files. But the OpenBSD project depends on CD sales to fund the continued development of the OS. Go buy the official CD's.

  21. Re:Guess what... by damballah · · Score: 2

    Thanks for being so understanding, I don't have broadband. I figure that it would be common knowledge whether linux used safe calls to these functions or not...I didn't ask you to go through the sources, btw. You put yourself through that.

  22. Re:OpenBSD performance facts by Caligari · · Score: 4, Informative
    Instead of judging the entire OpenBSD community by a couple of random emails on misc@ (which is the mailing list specifically for stupid questions and answers), why don't you report what the tech@ people were saying?

    If you did, you would see how the ACTUAL OpenBSD developers responded to fefe's benchmarks.

    For example, here is what Ted Unangst (a very major committer to OpenBSD) replied to requests for help improving performance:

    "apply the patch below to your mmap benchmark. a real application is unlikely to use pread and mmap. openbsd uses a separate cache for read and mmap calls. while it seems you are attempting to time only a page fault with cached data, that is not happening on openbsd.

    the results for all other OS should remain the same, but OpenBSD improves dramatically. the adjusted benchmark is a much closer match to application behavior in reality."
    Which was followed by above-mentioned patch.

    I don't think it's fair for you to judge an entire operating system community based on the contents of a few selected emails. By doing so, you are being just as biased as you say the others are.

    --
    The moving cursor writes, and having written, blinks on.
  23. C'mon OBSD!! by devphaeton · · Score: 3, Interesting

    Can't you hurry up? Look at the front page of bsd.slashdot.org....

    Freebsd released 4.9 before your 3.4!!!

    (j/k)

    On a side note, reading the 2nd or 3rd post about trojaned obsd ISOs floating around the web is really sad and upsetting. I love the open sharing of software and source code around the internet, but i always fear that someday it will be to a point that *everything* has been tampered with, essentially creating a need to look through more source code than anyone has time for. Sure we can solve this with technology (such as with MD5 Checksums) but as we create smarter verification, the internet will create smarter shitheads. I'd hate to think that it will eventually degrade into a win-some/lose-some cat-and-mouse game.

    I actually lost some sleep few months back when the GNU folks announced that their main ftp site got compromised. I realise that servers get cracked every day, but when it's gnu/linux/bsd/oss folks it feels personal.

    I'm not well acquainted with any $krYp+ KyddI3z, cr4x0rz or know what they use, but i'll be willing to bet that their OS and many of their tools are based on software from those they are attacking.

    Assholes.

    --


    do() || do_not(); // try();
  24. Re:A message from Theo by mirabilos · · Score: 4, Informative

    The two bugs you mention, weren't actually bugs
    in OpenBSD.

    * one was a bug in PAM and most GNU vendors
    * one is a bug, but can't be exploited due to
    W^X, propolice, NXSTACK, NXHEAP and friends.

    Heck, I've tried the gobbles exploit again
    against OpenBSD-2.9-OpenSSH where it worked
    back then. It failed to run due to these four.

    --
    My Karma isn't excellent, damn it! (And /. still does not get UTF-8 right in 2012. Wow.)
  25. Re:OpenBSD performance facts by mcroot · · Score: 2, Insightful

    Perhaps I'm being a little too demanding. But if you can't properly operate the disk partitioning tools for an OS, maybe you aren't really qualified to be doing benchmarks on it.

    Most of the comments about Felix being an idiot have good reason for doing so. He went out of his way to trash talk OpenBSD, and most of the problems he encountered were as a direct result of his inability to RTFM. Why should the OpenBSD community have any patience for someone who benchmarks first and asks questions later?