Slashdot Mirror


OpenBSD 3.5 Released

pgilman writes "The word just hit the announce@openbsd.org mailing list: "We are pleased to announce the official release of OpenBSD 3.5. We remain proud of OpenBSD's record of eight years with only a single remote hole in the default install. As in our previous releases, 3.5 provides significant improvements, including new features, in nearly all areas of the system" including security, hardware support, software ports, and lots more. Support the project if you can by ordering the CDs, or grab it from the net (use a mirror!). Thanks to Theo and the whole team!"


  1. Amazingly, yes by Anonymous Coward · · Score: 4, Informative
  2. Re:pfsync/CARP by PatJensen · · Score: 5, Informative
    When you can do the following, OpenBSD will be a Cisco IOS killer.
    • Configure, maintain and secure your routing protocols and interfaces in one easy to read and edit configuration file.
    • Store the configuration in solid-state flash memory.
    • Upgrade the entire OS by TFTP'ing a single file.
    • Provide support for many types of LAN and WAN interfaces (DSx, hardware accelerated ATM segmentation and reassembly, etc.)
    • Provide support for layer 2/3 QoS packet tagging in hardware (on ALL WAN interface types i.e. ATM, Frame, DSx) to reduce CPU load on distribution routers.
    • Handle IPv4 traffic routing in hardware, with the OS just maintaining flow state information.
    • Provide support for the plethora of legacy protocols that are on corporate networks (DLSw, X.25, etc.)
    When the only tool you have is a hammer, everything looks like a nail.

    -Pat

  3. Re:my favorite comment from the changelog by Gogo+Dodo · · Score: 4, Informative

    fxp is the driver for the Intel PRO/100 Ethernet adapters.

  4. Re:"single remote hole" by cperciva · · Score: 5, Informative

    What was it?

    OpenSSH.

  5. I'll bite too... by Anonymous Coward · · Score: 5, Informative

    Let's begin hacking this one apart :P

    1) Devry... nice.. :P not.
    2) A company capable of buying quad xeon hardware doesn't sound like the kind of company that needs to resort to running a workstation OS--XP Professional--on a server. Plus, Windows XP will only use 2 CPUs maximum.
    3) Like mentioned before, you'd never run OpenBSD on an SMP box in a production scenario
    4) What kind of password? The Windows XP password has nothing to do with Dell. If you mean the BIOS password, that has nothing to do with Windows.
    5) Microsoft's multi-user computing (read: NT Domains/Active Directory) is actually quite good.
    6) If your server had three years of uptime, there was probably (I'm sure there wasn't but I don't want to be wrong) no OpenBSD SMP support (not even beta) 3 years ago... I wonder how your boss feels about a server having 75% of its computing power being unused.

    There's more wrong with your post, but why bother...

  6. One remote whole... by gnu-sucks · · Score: 4, Informative

    We remain proud of OpenBSD's record of eight years with only a single remote hole in the default install.

    I love OpenBSD as much as anyone serious about security, but this quote is completely full of shit.

    If you look at the release 3.4 errata list, there's at least three or four root exploits waiting to happen. And 3.3 and 3.2 aren't any better.

    And YES, sendmail was in the default install. As well as many programs based off the lately bad libc-6.

    OpenBSD is the most secure, and secure-oriented, but it's not perfect by any means.

    And yes, I run OpenBSD on a few servers, and one desktop!

    1. Re:One remote whole... by Triumph+The+Insult+C · · Score: 4, Informative

      and in the default install, sendmail only listens on localhost ...

      --
      vodka, straight up, thank you!
  7. Re:about security holes by Anonymous Coward · · Score: 4, Informative

    - Program should declare what syscalls it uses, what libraries it needs, etc, and no other syscalls/libraries would be allowed.
    - Program should declare what kind of access it needs to the filesystem to function. No other parts of the "real" filesystem should be visible in the program's namespace at all.
    - Same for every other resource such as sockets, etc...


    You mean like systrace? ;)

  8. Looks like an excellent release! by ninjaz · · Score: 4, Informative

    I picked up OpenBSD with version 2.3 and started using it seriously with version 2.5. During that time, it has gone from being an audited and secure (but otherwise fairly plain) OS to a compelling system with a wide range of complementary features.

    The ones that stand out for me are -

    Chrooting and dropping privileges for BIND by default (kept me feeling fairly safe through a few vulnerabilities, and without the extra work of maintaining my own bind built for chroot)

    Picking up ssh and releasing a good, free version

    Coming up with the nicest firewall I've used, taking it from nothing to ready for release within 6 months (That still amazes me!)

    spamd - After breaking 400 spam messages a day directed at my inbox, wiring Spamhaus SBL into the firewall and tarpitting a good portion of the traffic is a nice bonus. Noticing a week after setting that up that OpenBSD 3.5 has graylisting is a nice surprise.

    Propolice stack protection built into the OS and integrated for the long haul

    Now with CARP, I can feel comfortable getting all this in any environment - I think failover support really opens up a lot of possibilities for the future of OpenBSD.

    All in all, OpenBSD has all the attributes I like in an OS -

    regular 6 month releases (production quality doesn't have to mean stale),

    cohesiveness (no waiting for glibc to catch up to a new kernel feature, or vice-versa),

    a real commitment to free software (as demonstrated with OpenSSH, pf, and now CARP)

    really delivering - as opposed to various Linux security projects that I've seen integrated with mainstream distros, then apparently forgotten about or relegated to a special option marked with a warning label, OpenBSD is a real tested system.

    As a system, it can progress toward its goals through every aspect of the system (eg., the pervasive privilege separation), rather than a patchset to a mainstream distro, which has inherent lag time and may be working at cross-purposes to that distro or the numerous projects that make up the distro it's trying to secure. I've seen a few patchsets come and go over the years, too, while OpenBSD keeps adding to the foundation they've built.

    Thanks, OpenBSD team, for all the great releases... (and all the fish ;)

    Now I'm off to explore my new OpenBSD 3.5 system, where make build just finished. :-)

  9. Re:Downloadable ISO? by incabulos · · Score: 5, Informative

    There are unofficial ISO compilations of OpenBSD available if you want to search around for a bit. Or you could buy the official 3 CD pack and support the project that way.

    I think the easiest way to do an installation ( I ran 3.5 up on an old p-166 this evening ) is to download the arch-specific install files ( ie everything under /i386 for run of the mill x86 cpus ), and set them up on a local web or ftp server. 'dd' the boot floppy image to a spare disk ( floppy35.fs will suit 90% of cases ), boot up with this on the system, and simply follow the prompts for the ftp/http install. Or you could simply do a ftp install from a local OpenBSD mirror across the internet.

    For detailed info on the install, see the FAQ.

    The Errata page should be checked regularly too. Unlike the 3.4 release that had a number of bugfixes that needed to be applied as soon as it was officially released, 3.5 has no need for further patching at this point in time.

  10. Re:about security holes by Geekboy(Wizard) · · Score: 4, Informative

    - Program should declare what syscalls it uses, what libraries it needs, etc, and no other syscalls/libraries would be allowed.
    - Program should declare what kind of access it needs to the filesystem to function. No other parts of the "real" filesystem should be visible in the program's namespace at all.
    - Same for every other resource such as sockets, etc...


    systrace(1)