Slashdot Mirror
What's New in OpenBSD 4.2?
blackbearnh writes "OpenBSD 4.2 was released today, and has a host of new features. O'Reilly's ONLamp site has a pretty thorough overview of the release. 'Even though security is still there, this release comes with some amazing performance improvements: basic benchmarks showed PF being twice as fast, a rewrite of the TLB shootdown code for i386 and amd64 cut the time to do a full package build by 20 percent (mostly because all the forks in configure scripts have become much cheaper), and the improved frequency scaling on MP systems can help save nearly 20 percent of battery power. And then the new features: FFS2, support for the Advanced Host Controller Interface, IP balancing in CARP, layer 7 manipulation with hoststated, Xenocara, and more!'"
I didn't see anything about it in the interview, but it looks like they've made install ISO's available for the various platforms (install42.iso in each directory). Might give it a spin if I can find a machine for it -- I gave 4.1 a try (and even bought a CD set) and was mostly impressed.
Jesus is coming -- look busy!
Christoph Egger did a OpenBSD Xen port (based on the NetBSD xen stuff) see: http://hg.recoil.org/openbsd-xen-sys.hg It looked pretty promising. It's too bad they aren't going to support that platform. I've got lots of customers who'd really like a OpenBSD option.
I've filed a bug report on this but at this point I'm not even sure its a bug... could be a hardware issue..
If anyone is running Adaptec SCSI 2940 controllers with more than one SCSI hard drive and it works then I'd like to know... if anyone is having problems I'd like to know.
The issue is that I have one 2940 fast narrow card and it won't boot... says there is no O/S. In the same machine... swap that card out to a 2940 fast wide and it boots just fine. Perhaps this is a firmware card issue. I have so far only tested these two cards... I plan to go get a handfull more.
Next issue. With the fast wide all seems 100%. Then I start an rsync from another machine and within seconds I get a kernel panic. There is a bug report here: http://paste.lisp.org/display/49908#1
Is OpenBSD bug report # 5616
I'm not at this point asking anyone to debug this. I want to know if others have a similar setup and it works.
This machine is a Pentium I, with two fast narrow SCSI disks and in this case an AHA 2940 FW card. There is nothing else on the bus.
O/S version was 4.1 and now I can try the new version. Since OpenBSD is such a great O/S I sure would like to get to the bottom of this without wasting people's time. If we have a problem we need to know about it and potentially fix it. If its an isolated issue then I need to know this so I can shelve the hardware if in fact it is flakey hardware.
Note: With that fast wide controller... dd if=/dev/sd1 of=/dev/sd1 bs=2048 will run 100% and never glitch at all. But try that rsync on the system.. kernel panics 100% of the time within seconds.
I know OpenBSD is renowned as a secure system, but it also is a good desktop OS. In fact, I bet it recognizes more devices than my Windoze Vista. I was pleasantly surprised the last time I tried out OpenBSD on my laptop. My only complaint is that the ports are not as comprehensive as FreeBSD. But then, maybe I should be a maintainer for one and stop complaining, lol.
One of the things that has put me of OpenBSD is the need to compile from source if you want to use the stable branch. I realise this is partially due to limited resources and priorities, but I would argue that this is probably one area where there is room for improvement.
In any case they have done a lot of good work. Copyleft vs OSS ideology disputes aside. ; )
One thing I never really figured out with OpenBSD is why errata patches are handled the way they are. Why doesn't OpenBSD offer binary updates? For example, here are the instructions to fix errata entry 009 ("Fix possible heap overflow in file(1), aka CVE-2007-1536."):
Given that I installed from binary packages as do most users, and I might not even have a compiler installed, the startup cost of following those steps is fairly substantial. It seems like it would be easier for someone at OpenBSD to run those commands, see which files changed, wrap them up into a tarball, and distribute those - at least for the most popular architecture or two.
Now, I'm not saying they should do this or that they owe it to us end users to do it. I just mean that it'd be amazingly convenient with a seemingly minimal amount of extra work. Am I wrong about what would be involved?
Dewey, what part of this looks like authorities should be involved?
And since this is all BSD licensed code you are free to take the code, put it in your proprietary "net security appliance" making any improvements of course without giving one single improvement back.
There are SO many 1U security "black boxes" that obviously rip off OpenBSD for 95% of their product it's just pathetic. I don't recall many of them touting that they used OpenBSD or ever hearing some of the "cool" features they SAY they have ever being contributed back to the main code repository for OpenBSD.