OpenBSD 3.6 Released!
dspisak writes "The people over at OpenBSD have released version 3.6 containing significant new features such as: SMP support for i386 and amd64 archs, the ability to optimize pf rulesets, better hotplug support, in addition to more robust encryption and vpn functionality. This is in addition to more recent hardware support, for a full list of changes take a look at the 3.6 changelog. Don't forget to use the mirrors!"
WOHOOO!!!!
I wonder if they plan to do smp on any other arch?
Excellent timing!
Right around Halloween, the "dead" comes back to life!
Congrats and good work to the OpenBSD team!
Keep it up.
..it was released on 29th of October already, as you can read here. When downloading, please don't forget to use the torrent!
I wish there was someone in real life who knew what OpenBSD was so they could share my enthusiasm =(
There was an excellent paper at CCS last week on the limits of address space randomization. If you want address space randomization to be effective, use a 64 bit architecture and native 64 bit binaries for your OpenBSD system.
Test your net with Netalyzr
Well, come to think of it, this article was on time...
The policy of the United States is worse than bad---it is insane. -- Ludwig von Mises, Economic Policy(1959)
What are the differences between packet filter and ip tables, for use as a firewall box?
It's like a BSD golden age lately, with (alphabetically!) FreeBSD, NetBSD, and OpenBSD releases coinciding.
Hooray for all three. It's an amazing luxury to have so many open source Unix-like operating systems and kernels out there, free for the download.
org.slashdot.post.SignatureNotFoundException: ewg
of this release!
A new BSD song!
Yeah!!!!!!
ummm, what are you talking about, openbsd is using the fish (puffy is his name?). and has been since early 3.0 releases (I think 3.1). Personally, I think that the fish is much better than the flag. So all three distros are unique now in terms of icons.
--
isolenz
i noticed under new features:
tcpdrop(8), a command to drop TCP connections.
this looked like an awesome idea, and I'm wondering what the windows / linux equivalent is... anyone know?
-judging another only defines yourself
OpenBSD has a reputation for being the ideal platform for making into a router or firewall. That's true, but it's also a really nice general server OS for low power tasks. I run it at home as a file/web server, and it's really quite nice.
If you like Unix (as opposed to hating Microsoft), give it a shot.
--saint
When will Open support Apple's new G5 computers? Currently the hardware compatibility only lists all older G3 and G4 based computers.
Well, there was BSDi, which I think is defunct now, which was a closed-source OS on a BSD base (a piss poor one, I might add). Then of course, there's OSX, which is a closed source OS built on a BSD core.
So yes, there is.
Last year. I'm about to install 3.6 on an Ultra 10 I was given too.
Actually, the fish has been around since 2.6.
Simple (text install). Default install is small, but gives you a complete, basic Unix-like OS. Man pages are really useful. Multi-platform, so you don't have to manage a different OS on every arch you have. OpenBSD is creating technology that helps other distros, such as OpenSSH. I'm expecting to see their BGP and NTP stuff showing up elsewhere.
...you would have 2 servers up and running already. Got my CD's last week and have 1 new box up and one old 3.5 box upgraded. Many thanks to Theo and the team for such great software.
If you have not tried OpenBSD please do. While I will not speak on the idea of OpenBSD on the desktop I will speak to how great it is as a firewall. If you have struggled with IPTABLES it is time to give a try to PF. Have a look. It should be easy to understand:
ext_if="xl0"
int_if="fxp0"
# clean up the packets
scrub in all
# nat the internal network to the external interface
nat on $ext_if from !($ext_if) -> ($ext_if:0)
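# setup a table of RTBL IP's for spammers
# (table name lost in extraction; <spamd>, the name used in spamd(8)'s own example, is assumed)
table <spamd> persist
# redirect any IP's in the RTBL to spamd
rdr pass inet proto tcp from <spamd> to any port smtp -> 127.0.0.1 port 8025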
# ftp proxy
rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
# redirect any internal user to squid
rdr on $int_if inet proto tcp from any to ! $int_if port 80 -> 127.0.0.1 port 3128
# pass external web request to the internal www server
rdr on $ext_if proto tcp from any to any port http -> 192.168.0.2
# pass external web request to the internal www server
rdr on $ext_if proto tcp from any to any port https -> 192.168.0.2
# drop everything
block in log
# allow out and keep track
pass out keep state
# allow anything to the loopback and internal interface
pass quick on { lo $int_if }
# no RFC 1918 spoofing (quick - do it now!)
antispoof quick for { lo $int_if }
# allow external ssh in
pass in log on $ext_if proto tcp to ($ext_if) port ssh keep state
# allow smtp in
pass in log on $ext_if proto tcp to ($ext_if) port smtp keep state
# allow the www forwarding
pass in log on $ext_if proto tcp to 192.168.0.2 port http keep state
# allow the www forwarding
pass in log on $ext_if proto tcp to 192.168.0.2 port https keep state
# allow outbound smtp
pass out log on $ext_if proto tcp from ($ext_if) to port smtp keep state
Very simple and clean. If you need a firewall give it a try!
hotplugd is pretty damned neat on the user end. It allows you to define actions performed when a device is plugged in, such as a digital camera (ala cp /mnt/camera/* ~/pictures/$DATE/).
It's also mentioned in a recently slashdotted interview with some OpenBSD devs here:
http://www.onlamp.com/pub/a/bsd/2004/10/28/openbsd_3_6.html
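An attach script along the lines of the camera example in the comment above, as an added example that is not part of the original thread or OpenBSD's own code: hotplugd(8) runs /etc/hotplug/attach as root with the device class and device name as arguments, so the script validates both before touching the device and mounts the card read-only with nodev,nosuid,noexec. The label CAMERA, the paths and the partition letter i are assumptions.

```shell
#!/bin/sh
# Added example: sketch of /etc/hotplug/attach for the camera case.
# hotplugd(8) runs this script as root with: $1 = device class, $2 = device name.
# Assumed values (not from the thread): label, mount point, destination, partition i.
CAMERA_LABEL="CAMERA"
MOUNT_POINT="/mnt/camera"
DEST_ROOT="/home/user/pictures"

# Print what to do with an attach event: ignore, reject or probe.
classify_event() {
    # Class 2 is a disk in hotplugd's numbering; everything else is not ours.
    [ "$1" = "2" ] || { echo ignore; return 0; }
    # The name ends up in a /dev path used by root, so accept only sdN / sdNN.
    case $2 in
        sd[0-9]|sd[0-9][0-9]) echo probe ;;
        *) echo reject ;;
    esac
}

# True if the disklabel "label:" value starts with the expected camera label.
is_camera() {
    case $1 in
        "$CAMERA_LABEL"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Real run: hotplugd passes exactly two arguments.
if [ "$#" -eq 2 ] && [ "$(classify_event "$1" "$2")" = "probe" ]; then
    label=$(/sbin/disklabel "$2" 2>/dev/null | sed -n 's/^label: //p')
    if is_camera "$label"; then
        dest="$DEST_ROOT/$(date +%Y-%m-%d)"
        # Read-only, and no devices, setuid bits or executables honoured
        # from removable media.
        if mount -r -o nodev,nosuid,noexec "/dev/${2}i" "$MOUNT_POINT"; then
            mkdir -p "$dest" && cp -R "$MOUNT_POINT"/. "$dest"/
            umount "$MOUNT_POINT"
        fi
    fi
fi
```

Because the script runs as root, the copied files are root-owned; a chown to the target user after the copy is the usual follow-up.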
Ok, the current icon for a generic BSD story on /. right now is the Daemon, right? Everyone I know associates the Daemon with BSD regardless of flavor. NetBSD has attempted to single themselves out as a separate distro from the rest of the BSD group/stables. Why would it make any sense to use their new logo as the *generic* BSD logo? If the /. story is 100% devoted to NetBSD, then sure, use the flag like Apple has their own logo. But I don't think it would be worthwhile to replace the Daemon with the NetBSD flag on a story dealing with OpenBSD.
"Genius may shine aloof and alone, like a star, but goodness is social, and it takes two men and God to make a Brother."
Well then you forgot a couple of ca's to do ...
But hell (to keep it bsd) if you want uptime only, I guess FreeBSD is suited as any other OS.
I've got OpenBSD running as a little personal webserver, DNS server and so on. It's running OpenBSD 3.1, because at least back then, it was absolutely impossible to update. Every update involves going through and manually mucking with endless configuration files, etc. I use Debian for most everything, and have grown so used to the ability to run an apt-get update; apt-get dist-upgrade.
The inability to easily update OpenBSD, to me, nullifies any benefit one gets from it being "secure". If I'm running a two year old version of Apache because it's such a pain in the butt to update, how is that secure? I think automatic security updates are imperative for a secure system.
And, furthermore, the automatic updating system should be secure as well.
Yesterday. I use BSD for anything that I'd like to be more secure than the average distro. Anything on the frontline basically- w/ports open to the wild. Chroot'ing gives me a warm fuzzy. You gotta assume that no matter what software you're using it's going to have holes, and the holes will eventually be discovered. It's nice to know that when this happens the damage will be somewhat limited.
The notes to the Pond-erosa Puff lyrics complain about XFree86, ipf and Apache being non-free and state "Make your stuff non-free, and something else will replace it."
According to the release notes, it seems like ipf is the only thing that actually did get replaced. XFree86 has been "replaced" by XFree86 4.4.0 "unencumbered." And Apache has been replaced by... Apache v1.3.29. Does this mean they consider Apache v1.x to be a "replacement" to Apache v2.x? Are they going to continue with Apache v1.x or is there some point that they will actually *replace* it?
Awesome! I can finally run BSD on my old quad 386sx with 1Meg of RAM! Now I'll be cooking with propane.
If you open your mind too wide, people will throw trash in it.
Anybody gotten their CDs yet? Ordered mine a month ago. The new stickers should give the GPL/Linux Nazis at my work pause :)
This guy is way out there
I'm very happy for OpenBSD's and FreeBSD's recent releases, but where the heck is NetBSD 2.0? I thought the original timeline was late May '04? Any NetBSD developers know the inside scoop on this? I'm sure the logo contest did not push back the release of the whole OS!
v2sw7CUPhw5ln6pr5Pck4ma7u7LFw0m6g/l7Di5e6t5Ab6TH.
~$ uname -a
Linux zig.jayfar.com 2.4.18-6mdk #1 Fri Mar 15 02:59:08 CET 2002 i686 unknown
~$ uptime
2:17pm up 275 days, 6:28, 2 users, load average: 0.00, 0.00, 0.00
ed2k://|file|openBSD36.i386+ports+src.bootable.iso |276707328|abfef21976ed88d112bb413889ec24a3|
you can check security using MD5 sums for the files included
boot image used: floppy36.fs
1) Haven't tried NetBSD or Dragonfly. But, I think FreeBSD is by far the general purpose server OS, and also I believe the easiest to pick up coming from Linux.
2) If I am not completely wrong, then you can mount ext3 as ext2 with the price of not having the journaling. If so, your file system will be mountable as ext2 under FreeBSD.
Uh... have a look: Nearly 2.5 Million Active Sites running FreeBSD (June 2004) :)
The number increased by half a million in the last year. And then there are OpenBSD and NetBSD, not counted in that number.
For now I'm not counting DragonFly because it's not yet used in production environments. We'll see how it is when it comes out!
Anyway it was a nice troll, since a lot of people fell for it - they didn't post anonymously and change the trolling subject like I did.
#uname -a
OpenBSD ns1 2.8 GENERIC#487 i386
[root@ns1-311-/]
#uptime
12:54PM up 1371 days, 7:50, 2 users, load averages: 0.21, 0.13, 0.09
[root@ns1-312-/]
#sysctl kern.version
kern.version = OpenBSD 2.8-current (GENERIC) #487: Sun Jan 28 03:46:59 MST 2001
deraadt@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
I've got another:
#uname -a
OpenBSD ns2 2.8 GENERIC#487 i386
[root@ns2-2-/root]
#uptime
1:01PM up 636 days, 5:06, 2 users, load averages: 0.06, 0.08, 0.08
[root@ns2-3-/root]
#sysctl kern.version
kern.version = OpenBSD 2.8-current (GENERIC) #487: Sun Jan 28 03:46:59 MST 2001
deraadt@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
Off the wire-ftp-install of current, rock solid.
But I stopped working for Uptime Envy, OBSD just works, and well.
Top 10 reasons IPTABLES is better than PF:
10. Parsing IPTABLES config files excellent preparation for subsequent
learning of Asian pictograph-based languages.
9. Standard logging via syslogd helps eliminate clutter in /var/log.
8. GPL prevents Steve Jobs from stealing your code.
7. Simplistic man pages encourage development of social skills via mailing
lists.
6. Multiple distributions, versions, kernels, modules, plugins, etc. keep
hackers confused as to exactly what they're attacking.
5. "Mangle" just sounds so much more 133+ than "Scrub".
4. Complexity of structure leads to more opportunities for obfuscation and
subsequent job security.
3. New and experimental kernel modules make life exciting again.
2. GUI and Web based utilities mean that anyone can set one up without knowing
what they're doing.
And the number one reason IPTABLES is better than PF:
1. No distracting arguments about whether to port it to OpenBSD.
Shamelessly stolen from the pf mailinglist.
Reality has a notoriously liberal bias -- Stephen Colbert
I wish they'd slow down the releases. Between the new versions and power outages, the uptime on my server is suffering.
When will Windows be ready for the desktop?
Yes you can mount the ext2 partitions. However, you will need an UFS partition to install FreeBSD to.
I want to recommend OpenBSD to anyone who wants to build a small server and it is a must for a firewall/NAT box.
I have never seen such a clear, concise, and easy to understand configuration file as that of pf.conf (IP filter).
The files for the boot-up configuration rc.conf and rc.local are also very clear and easy to understand.
Everything has very _good_ man pages and sample configuration files with lots of comments.
The faq on openbsd.org is quite good, too.
One aspect of security is simplicity, which implies easily understood configuration files.
Another aspect of security is that you learn about the fundamentals of your system/network. OpenBSD's lack of graphical configuration aids is a great help here.
You simply _have_ to learn about your system to be able to operate it, but at the same time learning is made easy, by great documentation.
And if anybody is put off by OpenBSD's (in)famous penchant for straight/rude talking developers: Don't worry, I found people friendly and helpful. They are only put off, by questions that are very obvious and have been covered in the documentation extensively. But I am also the kind of person who loathes to ask for help in a D.I.Y. shop such as Home Depot, preferring to find things unaided so that I learn more and more about the products they offer, so that I will be more knowledgeable when doing my next project.
Marcus
I look forward to OpenBSD releases not because I use OpenBSD, or even that I am particularly interested in it -- it's the OpenBSD songs that I wait for. They are actually quite good.
"The Legend of Puffy Hood" and "Puff the Barbarian" were particularly good, and I found that many non-geeks liked them for their music if nothing more (and they tend to appreciate the lyrics once they read the page I linked above).
Speaking of lyrics, if you read them, you will find that they are actually very clever political satire. The 3.5 song, and some of the earliest ones, are somewhat disappointing IMO, but the others are excellent (and 3.5 is as well if you can appreciate a parody a parody).
I highly recommend that all Slashdot readers take a look at the page and download the OpenBSD songs. You may even want to pick up an ISO of OpenBSD while you're there.
Computer Science is no more about computers than astronomy is about telescopes. --E. W. Dijkstra
...but it seems to be down again. I'll get back to you.
Just how good is the SMP code in it?
steve
Oh, you're not stuck, you're just unable to let go of the onion rings.
This is a great month for us BSD fans.. with major releases from all 3 main flavors..
---- Booth was a patriot ----
Thanks for your responses (I'm the original poster).
One last question -- what's the status of wireless networking with the BSDs? Pretty straightforward, or require a lot of effort to get it (and network sharing) working?
Thanks!
Certainly. It's what you call it when the servers are plowed under by a sudden spike in traffic due to the release of a new version, in which case the letters "BSD" stand for "By Server Demand."
"OH SHIT, THERE'S A HORSE IN THE HOSPITAL!"
...slashdot actually acted like a responsible net citizen and delayed the announcement until the mirrors were populated.
And it hurts nobody, I think you'll agree. Those who desperately want the 3.6 code will already have it; more casual users will benefit from using a mirror.
You cannot apply a technological solution to a sociological problem. (Edwards' Law)
Yes, this has been available since 3.5.
of course it does, this is nothing new. besides that doesnt matter anyway, i have a quadboot system with openbsd 1024. i bet you were one of those kids that had trouble with puzzles as a child.
The current download speeds puts the poor ftp archives to shame.
It has since 3.5 (assuming BIOS support of course -- you still need to have your root filesystem in the first 504MB on that old 386 that can't address more, but any modern system is fine), so the 8GB limitation is long gone.
"It's better to keep your mouth shut and be thought a fool than to open it and remove all doubt."
The short answer: If it's supported it just works. The general question is if your particular piece of hardware is supported. If you're going to buy check a few nics if they are supported, and ask for any end user experiences.
The recent 5.x FreeBSD includes what's known as "The Evil Project" - it's code that allows use of Windows NDIS drivers when no native drivers are available. This is not totally straight forward, but it should be a working alternative. I think it is being ported to other BSD's and even Linux.
Generally, due to the momentum/hype of Linux manufacturers are beginning to distribute binary linux drivers, while ignoring BSD. For this reason you may find hardware supported on Linux, not supported on BSD.
However, it is my impression that it is mostly inexpensive crap that isn't supported anyway. Stay away from D-Link.
There are a few things I don't like about openbsd;
no pf logging to syslog in clear text format ( as opposed to tcpdump format )
no netbsd like /etc/rc.d/ system :)
and there were a few other minor things I can't remember right now...
apart from that.. I really like the effort that goes into the security side of things, look at all the _foo user/groups grow from the privsep work, look at all the wee daemons and utils that pop up, like spamd, hotplugd, bgpd, ntpd.. and all while keeping it all clean and logical and ready for use.
Nice work obsd people. Must be about time to have a relaxing beverage or twelve
Don't forget to use the mirrors!
I've heard there are big companies using many copies of OpenBSD but haven't even bought a CD.
They should get their names on this list:
http://www.openbsd.com/donations.html
It's simple and secure, exactly what you want. The installation is the fastest and simplest of any unix, fitting on a single floppy even. www.openbsd.org has tons of great info, including a walkthrough of how to install.
As for 2, you can mount ext3 as ext2, and it will work fine. I don't think you can boot from ext2 though, and you would be better off backing up the data, installing your BSD of choice, and then putting your data back on the BSD formatted partitions.
I'm just saying... my last install has been up since I put it on the computer (as its first BSD install).
I don't want to invoke any envy or pecker-measuring... I'm just saying that was the last one I installed.
C:\Program Files\Resource Kit>uptime
\\SYSADMIN02 has been up for: 0 day(s), 5 hour(s), 37 minute(s), 10 second(s)
Estimate based on last boot record in the event log.
See UPTIME /help for more detail.
C:\Program Files\Resource Kit>
Currently, there are drivers for some, but OpenBSD cannot distribute the binary firmware with restrictive licenses. If you want to use your hardware under Open Source or OpenBSD specifically, then join the OpenBSD's activism here under headings "Firmware licensing updates" and "Call for help: Contact TI to change their firmware licensing for wireless drivers:"
http://undeadly.org/
FreeBSD is a great place to start learning BSDs, since it is by far the simplest and offers the most functionality on x86 machines. The downside is that its future is bleak (lost best devs, politics too messy, CODE too messy... this isn't trolling, hell I love FreeBSD, but judging by 5.x progress it's not going to get any better).
So use FreeBSD as a learning platform then move to the deeper end of Net and/or OpenBSD. When DragonFly has cleaned out more of the 4.x cruft and become production-class stable, that'll be a great thing to investigate too. Net and Open, however, have had so-clean-you-can-eat-off-it code for years now, and the result is a pair of portable (especially NetBSD), secure (especially OpenBSD), high performing (at least, OpenBSD say they've made it so) and generally very good systems. They certainly pose very good alternatives to Linux, and I would much rather run either on a server/gateway machine (iptables is a joke).
Sam ty sig.
Probably should read their interview/notes. They held off SMP support until their primary priorities were met, which in OpenBSD always starts with security. Since they could implement (thanks to NetBSD 2) SMP quickly, without vulnerabilities and repercussions, it seemed silly not to do so at that stage. They even admit that the SMP is 'better than nothing' but is giant-locked (like FBSD 4.x) and generally won't perform that well, but will give that extra CPU something to do. Remember, OpenBSD is about bleeding edge in security (how many of OBSD's security features does Linux support? close to none, actually), not in performance or hardware support or file systems or whatever else you might find more important. If these things are what you want in a system, you know where to find them.
Sam ty sig.
You have to click the "post anonymously" check when you complain for the moderation, and pretend you're somebody else!
(Sigh.. these novices will drive me nuts, some day)
Trollmaster