OpenBSD 4.4 Released

Linux blog writes "The new version of OpenBSD is available for download. There are lots of nifty new features to try out including OpenSSH 5.1 with chroot(2) support, Xenocara, Gnome 2.20.3, KDE 3.5.8, etc. Machines using the UltraSPARC IV/T1/T2 and Fujitsu SPARC64-V/VI/VII are now supported. It seems amazing to me that they keep delivering these new results on a six-month release cycle."

Congratulations

[norbot]

Congratulations to the OpenBSD team. BSD is far from dead!

Re:Congratulations

[Ant+P.]

Indeed, BSD is not dead at all. In fact I took a look at their mailing list archives last week and saw more than half a dozen very active threads. Shame they were all flame wars.

Re:Congratulations

[david.given]

Yeah. I'd really like to like OpenBSD. Technically, it's superb. It's smooth, polished, well documented --- it's got a level of consistency that most Linux distros can only hope to dream of. The kernel is well designed and fast, with excellent hardware support. System setup is consistent and well-thought out. Above all, it doesn't confuse easy-to-use with easy-to-learn --- everything is as simple as possible without oversimplifying, which makes it a joy to admin.

But then, every time I try to use it, I run up against the OpenBSD developers, who are an arrogant bunch of elitist assholes. In a couple of years, on and off, I think I've seen Theo make a civil reply to someone *once*. Maybe twice. No, I'm not kidding. When you see someone ask what looks to my untutored eye a reasonable question about VMs, and the head developer replies publicly with the words 'You are full of shit' and nothing else (apart from a complete copy of the original message, no snipping), there is something very wrong. Most of the other devs are nearly as bad, and of course there are hordes of groupies who assume that if the people in charge are okay with personal abuse, then it's alright for them, too.

Despite this, the actual operating system is definitely worth checking out if you're interested in what a well-designed Unix actually looks like. Linux can learn a lot from it.

Re:Congratulations

[grub]

I've used OpenBSD for many years (early 2.x days). Before asking questions on the list it helps to gooooogle and read until your eyes are bleeding. OpenBSD has (IMHO) the best manpages of any *nix system I've ever used. The FAQ and How-Tos on the site are excellent as well.

I've had a few replies from questions I've answered both on and off-list and the people have always been helpful. That includes the few exchanges I've had with Theo over the years.

In short: exhaust your reading and searches before asking questions on the lists. The OS is free, but developers' time is limited.

Re:Congratulations

[jps25]

In short: exhaust your reading and searches before asking questions on the lists. The OS is free, but developers' time is limited.

And that justifies arrogance and being an asshole?
We must be living in different worlds.

Re:Congratulations

[menkhaura]

Yeah, you and I (we) must. OpenBSD is not for the faint of heart, not for the n00bs, not quite for granny (but if she's asking questions on a OpenBSD mailing list, there's something seriously wrong with the way you set up her rig, or seriously wrong about your understanding of her computer understanding, or whatever). For user-friendly answers, the *BSD documentation is very extensive (try the FreeBSD handbook, most of which translates to OpenBSDdom or Linuxdom), and there are very, very many user-friendly Linux forums out there; the problems you'll have as a end user will be most probably with an end-user app, and kernel developers don't need to be hassled with such questions. As an analogy, I use to say that one novice user's question about the cup holder to the power users is the power user's question about the parameters to their device drivers.

Not that I'm an OpenBSD developer or any such things, but I think that people who dwelve onto the *BSD realm must be braced for such coups, and must be prepared to RTFM!

Re:Congratulations

[DiegoBravo]

>> For user-friendly answers, the *BSD documentation is very extensive (try the FreeBSD handbook,...

Sadly these days people do not read documentation, and just expect there is somebody out in the forums that will respond something, not necessarily correct, just in order to make the system work (and no, it doesn't matter how it actually works).

So responding to GP, I assume that openBSD is actually targeted for another world.

Re:Congratulations

[menkhaura]

Heh... Who said that "Assumption is the mother of all fuck-ups"? OpenBSD is indeed, targeted for another world, hence the rude answers some non-googling users get on their mailing lists...

Re:Congratulations

[mkiwi]

Generally, it seems like many developers don't like to see their work criticized. They take anything you say, no matter how benign, and take it personally. Even when porting software to another platform. I was the first to ask a certain Mac OS X project about using prebinding to increase performance and make libraries more compatible with the rest of OS X. Of course it meant that there would have to be a substantial change in the way everything was complied. I was essentially told by the main developers to fuck off after writing a very reasonable post on the issue.

A year later they implemented prebinding, which means my effort wasn't completely wasted.

Parents don't like it when you criticize their children, even if in their heart of hearts they know the criticism is true. Here, software = children; developers = parents. It's not too hard to imagine nerdy group could be like that.

Re:Congratulations

[compro01]

KDE 3.5.9 was released February 19, 2008.

Re:Congratulations

[tedu_again]

I certainly don't mean it personally, so that's good.

Re:Congratulations

[coryking]

but I think that people who dwelve onto the *BSD realm must be braced for such coups

Nonsense. Mabye in OpenBSD land, but here in FreeBSD world, we dont flame people to death. The people I encounter in my travels are never hostile, always helpful, and very non-religious (i.e. you dont have to apologize for the fact you are sending in a patch via Outlook and your favorite windows text editor).

That said, only would the OpenBSD flame this guy to a well deserved, and hilarious, crisp.

Re:Congratulations

[libkarl2]

I've been using OpenBSD for several years now, and right from the start I figured the lists were better suited for devs who are actually trying to deliver device drivers or serious kernelspace code. Seriously, the online documentation for OpenBSD is some of the best I have ever seen in any OS distro, ever.

Theo is no better or worse than many in this game. His professional demeanor may need serious work, but his (Free and Open) OS doesn't. THAT is what matters most to someone like me... who learned the hard way many years ago to avoid all contact (public and private) at all times with all kerneldevs of all kinds. It's a system and it works very very well. ;)

Besides, the abuse is often a form of triage. If you have a legit issue, then press that issue and ignore the mean sounding ASCII characters. If they have time to draft abusive replys, then you did your job. lol :D

Re:Congratulations

[Anpheus]

Agreed. When publishing bug reports, mind you, Ubuntu and a few other communities are the exception to this rule, I find nothing but hostility. Suspicion that I'm making it up, that no matter how competent I profess myself to be, it's my problem. It's a hardware issue (effecting just one piece of software,) when Pidgin randomly deleted my buddy list and then kept it deleted, it was entirely AOL's fault. In reality, I suspect Pidgin incorrectly parsed the buddy list sent which works flawlessly for millions of users and clients (including Trillian) worldwide, and then interpreted that as my 'new' buddy list.

I can't stand the arrogance of most open source developers I've associated with. To be fair, I can't stand the ambivalence most closed source companies have towards their users. Flash Player 10, for example, won't install on Windows unless you have -a- C:\. If you installed Windows onto a spare hard drive, it is given a different drive letter (such as E:\, in my case.) If I didn't have another disk that I could re-assign to C:\, or if I were a less technical person, I could not install Flash Player 10. Interestingly, from installing the trial of Adobe CS4 (the designer tool,) it was the only program that failed to install. I tried to contact Adobe and was told that support would come with a fee. WHAT? I am reporting a bug and they want to charge me money to elevate my call.

Maybe I just hate other programmers? Perhaps Jean-Paule Sartre should have said, "Hell is other programmers."

Re:Congratulations

[Ihmhi]

Truly, this is the year of BSD on the desktop.

Re:Congratulations

[TheRaven64]

Mabye in OpenBSD land, but here in FreeBSD world, we dont flame people to death.

Interesting to hear. I did a series of articles about the new versions of NetBSD, OpenBSD and DragonflyBSD about a year ago. I originally intended to write one on FreeBSD for the same series, but decided to drop it. When I emailed the OpenBSD developers, I got well thought-out replies to my questions. The NetBSD guys went even further and forwarded my questions to some other people, collected replies, and gave me a huge amount of material to work with. Matt Dillon, likewise, gave me some great material on his plans for Dragonfly. The FreeBSD developers ignored me for a month, and then replied with a colossal flame ending 'never contact me again'. One of the other developers did apologise for this behaviour later. I thought this was a shame, since I've been a FreeBSD user for some years and wanted to give the project some free publicity. After this encounter, however, I dropped the idea of a FreeBSD article.

Far from dead...

[idiotnot]

Congrats to the OpenBSD team.

In related news, NetBSD 5.0 should be released soon, too.

BSD proves Netcraft wrong again.

Re:Mebbe I should try it some time

[torstenvl]

This is not flamebait. I encourage moderators to read the guidelines at http://slashdot.org/moderation.shtml

Bad Comments are flamebait. Bad comments have nothing to do with the article they are attached to. They call someone names. They ridicule someone for having a different opinion without backing it up with anything more tangible than strong words. Bad comments are repeats of something said 15 times already making it quite apparent that the writer didn't read the previous comments. They use foul language. They are hard to read or just don't make any sense. They detract from the article they are attached to.

The parent did use "a name" but it was not an insult so much as voicing the consensus judgment of the behavior of the leader of OpenBSD, Theo de Raadt. de Raadt is, in fact, an "arrogant ass[]"; if a moderator thinks this is calling names rather than an accurate description, I encourage that moderator to peruse the history of Slashdot articles about de Raadt, perhaps starting with http://linux.slashdot.org/article.pl?sid=05/06/17/127206

Thank you and let's all try to make Slashdot a better and more interesting place.

Re:why bother with 6 month release cycle?

[this+great+guy]

Those SPARCs are 4 year old machines.

No, the UltraSPARC T2 was released in October 2007.

Re:why bother with 6 month release cycle?

[NormalVisual]

T1s aren't quite three years old yet, and T2s have only been out for just over a year.

Rock Solid

I have been regularly running OpenBSD for the last 8 years, and I have never been disappointed. 4.4 keeps up the string of solid releases.

I have a thinkpad that runs it as well.

Yes, I buy the CDs, and a few shirts, and donate $ when I can. Hopefully it keeps them working on the next release. I don't know what I would do without it running my DNS and other servers.

Re:Rock Solid

[TheRaven64]

man acpithinkpad. man apm.

Yes, it works fine.

KDE version

[jadrian]

KDE 3.5.8? Why so old... even if KDE 3.5.10 released in late August was too late to make it, KDE 3.5.9 came out in February, that's over 8 months.

Re:KDE version

[twistah]

My guess is they care more about mature, audited code than something that's top-of-the-line by .1 version.

Re:KDE version

[calidoscope]

The quality of most Linux-oriented code leads to a great deal of time spent porting it to other systems

While I can understand why OSS developers would be content if they can just get their code running on Linux, they do miss out on the debugging opportunities inherent with porting to other systems.

The other aspect is that the OpenBSD team would like to make sure they are not introducing more security holes with the "latest and greatest" from the various projects. Something like KDE or Gnome could be loaded with hard to detect security holes.

Re:KDE version

3.5.9 is included in 4.4!

Re:KDE version

No, they don't, they audit base, not ports.

Re:KDE version

[OmegaBlac]

They audit every line of code they ship, including the external stuff they don't write.

I keep seeing this, but it is not entirely correct. According to their own FAQ they do not audit ports or packages to the same degree as the base system. One must assume that the "external stuff" has not been through an audit at all when installing a port/package.
http://www.openbsd.org/faq/faq15.html#Intro

Re:KDE version

[jggimi]

Perhaps you're thinking of another OS? Polipo 0.9.9 was added to the tree on 24 September 2005.

Re:Mebbe I should try it some time

[QuickFox]

although they lack a good pre-built distro like Ubuntu.

They do have a good pre-built distro. It's called PC-BSD. It's very good in my experience, very nice. And it's a breeze to install, just like Ubuntu.

I like Ubuntu even better. But PC-BSD is very fine, really, it deserves recognition. It's well worth trying.

A site geared towards Linux user, to learn OpenBSD

This site is geared towards Linux users that want to learn OpenBSD: http://www.openbsd101.com/

Re:Mebbe I should try it some time

[Galactic+Dominator]

It was flamebait on several counts, the first being FreeBSD is not anything like Linux. Kernel, filesystem, hier, SMP, licensing, and general philosophy are greatly different.

I personally think Theo de Raadt is a great project leader, even if he leaves a bit to be desired in tactfully dealing with situations. He's a bit abrasive in way House, MD is abrasive. I think Linus Torvalds is an ass but if I were to use that a basis of running down his work, then I too would be guilty a flamebait.

The rest of the OpenBSD criticisms are simply there to troll, nothing substantive at all. SMP has been there for quite awhile.

Please let people spend their mod points how they see fit even if they don't agree with your viewpoint.

Thank you and let's all try to make Slashdot a better and more interesting place.

Re:Mebbe I should try it some time

[QuoteMstr]

Yes, OpenBSD's performance is behind that of Linux and FreeBSD (which are neck-and-neck.) However, performance is still quite adequate. OpenBSD has a kind of austere simplicity, however, that makes it a pleasure to administer. It certainly has a niche.

One Day..

[EEPROMS]

[Death walking away muttering]
Death "SO DISAPPOINTING"

Re:Mebbe I should try it some time

[ArbitraryConstant]

They're significantly behind Linux in many areas, but don't mistake optimization for specific workloads as obsolescence. Performance sucks once you hit userspace, but most OpenBSD machines spend almost all their time in the kernel, routing and firewalling, tasks for which they are quite competitive with Linux.

Re:Mebbe I should try it some time

[larry+bagina]

Linux doesn't take anything from BSD. Everything in Linux is free for BSD to use as long as the code stays free, ie under the GPL. While if apple takes code from BSD, you will never see that code again.

Every bit of BSD code that Apple uses is still available from them (either under the original license, or the OSI approved APSL).

Re:EOL cycle

[timmarhy]

updating requires about 30 minutes of down time, I have a production system that costs the company $10,000 a minute when it's not running (and i'm sure that's cheap by some peoples standards). explain why i would choose an OS that costs the company $300,000 a year in avoidable down time. with other OS's i can continue to get security patches and i can apply them with the minimum amount of down time possible.

and yes we have backup systems, but if you've ever worked in a real industrial environment it's not as simple as flicking a switch when it comes to changing control systems, and it's certainly something you want to avoid.

Re:EOL cycle

[Blackknight]

Normally you don't NEED to upgrade it. Set up the device and forget about it, unless there's some type of remote exploit you'll be fine.

Re:4.4

[TeknoHog]

Linux is only at 2.6.27.4, as if we're back in the 1980s. Though unix-like systems in general are relics from the 1970s.

Silent Money Maker

[imus]

OpenBSD puts a lot of money in consultant's pockets. It's hands down the most secure OS on the market. Got a client that needs a secure redundant firewall but can't afford big, over-priced Cisco gear? OpenBSD to the resuce. OpenBGP, CARP, etc. You can do things with OpenBSD and 15K worth of hardware that would cost six or seven times as much money with dedicated networking hardware. And, you can do it better. So, if you need some easy extra cash get into OpenBSD and start making a killing in the firewall business in your hometown. When you get a reputation for solid, secure systems (they'll wonder how you do it :)) donate some cash to the OpenBSD Foundation and buy some CDs.

Re:EOL cycle

[imus]

CARP. Google upgrades backend stuff all the time, but you never know it. OpenBSD does CARP better than anyone. Try it. I can re-install in less than 10 minutes. Sparc64 or Intel machines. No one is aware as services are still available.

Re:Mebbe I should try it some time

[menkhaura]

Let me just point out that PC-BSD's kernel is the very same FreeBSD, nothing related to OpenBSD; let me also just point out that the standard FreeBSD distribution combines the advantages of Gentoo's (customizing the building of packages to your needs or desires) and of Debian (superb dependency tracking, very fast on searches, always up-to-date (if you consider Debian Unstable)).

Re:Mebbe I should try it some time

[cbhacking]

PC-BSD, like DesktopBSD, is FreeBSD based. Don't confuse FreeBSD and OpenBSD - they share many userspace utilities and their kernels have some common history, but they are not the same OS.

Basically, OpenBSD is the one that is rabid about security - makes great server software.
NetBSD is the ultra-portable one - good for unusual hardware.
FreeBSD has excellent support for commodity hardware. It is the one used to make the user-friendly distros.

Re:Mebbe I should try it some time

[epine]

How is it that these comments are raised again and again with rarely a genuflect towards the possibility that our social norms and our technical norms exist at cross purposes?

It is often pointed out that humans are hierarchical animals. What's pointed out far less often is that we are also polarizing animals. For the most part, it's pretty darn hard to get a community of people to rest comfortably within a dual hierarchy: the polarizers will either succeed in driving the culture toward a political hierarchy, or they will succeed in driving the culture toward a technical meritocracy, politics be damned.

What evidence do we have that people can be effective and polite at the same time? NASA? I think not. When it became a political culture, shuttles exploded.

Is Linus an ass, or does he choose to occupy the niche that has proven viable? Larry Wall has taken a gentler stance toward his position as benevolent dictator for life, and he's not getting much good press lately. Nice guys finish last or at best, five years late.

Every time this subject comes up, there is a lot of chattering from the "How to win friends and influence people" crowd that despite the technical merits of X, it doesn't suit that person's social worldview, as if technical merit belongs in a marriage with popularity and approval.

As far as I can tell from my experience, the majority of PC marriages of that ilk are functionally destitute, yet the chattering never ceases that the world *ought* to operate that way. On what basis? What annoys me most is that this chattering rarely includes even the slightest nod toward justification.

This is another fact about human nature: we seem to have an inbuilt algorithm for determining that certain kinds of opinions can be safely put forward with little or no justification (e.g. "that's just how things are"), and which kinds of opinion can automatically be called to account. In my experience, the hierarchy of what must be fully justified and what needn't be has been pretty much decided on the grade 3 playground.

There seems to be a lot of people out there who are offended to the core that Theo's objectionable personality has been associated with so much durable accomplishment. In my opinion, that's just a bad case of shooting the messenger. Given broad human instincts toward hierarchy and polarization, it was as inevitable as the rise of the spam king having created a zero-cost anonymous distribution channel.

The underlying problem is that there is no reliable chalk line between civility and brown-nosing, and it's hell to police in a project that could otherwise rely on more objective measures. It's kind of like Sudoku. A complete waste of time, but I enjoy it anyway. We've made almost no progress (as a social organism) at efficiently policing the line between civility and brown-nosing, but so many among our ranks seem to prefer sliding down this slippery moss bank over the firm traction of dystopian merit.

Re:Mebbe I should try it some time

[ArbitraryConstant]

> What does Linux take from BSD? All those vendor supplied drivers? The userland? The vast array of high quality filesystems?

The overwhelmingly dominant SSH implementation?

Re:Mebbe I should try it some time

[laddiebuck]

As a Debian admin and user, I have to point out that Debian also makes this process trivial. Gentoo is overrated; Debian is the best OS to admin I've come across, whether Linux or BSD.

Re:Mebbe I should try it some time

[laffer1]

Yes and don't forget the other three since you're trying to be complete:

DragonFly BSD - clustering (freebsd 4 fork) good for servers.

MirBSD - OpenBSD fork (3.x i think)

MidnightBSD - FreeBSD 6.x fork (although bringing in 7.x features now) Focused on desktop use. Not at PC-BSD usability levels yet.

Package security?

[Unsung+Bovine+Herd]

For a distro that prides itself on proactive security, OpenBSD seems to lack one security feature most mainline Linux distributions have: some form of package signing. I know package signing doesn't make a system 100% percent secure from Trojan'ed applications. I'm not a security expert, but I think having signed packages helps reduce the possibility of man-in-the-middle attacks, say, from malicious DNS redirection that points the user to a bogus mirror even if the "real" mirror (which presumably is running a secure BSD system) isn't compromised. It seems to me the most secure OpenBSD system is one without anything besides the base system installed, good enough for a server, but unfortunately not for everyday Desktop use in Facebook era.

Re:Package security?

[incripshin]

Anonymous cvs access is done over ssh, and the public keys are listed on the OpenBSD website. The ports tree includes checksums, and these are all verified automatically. So if you check the ssh key of the cvs server, all your ports are safe.

As for pre-built packages from FTP, I don't think there's anything in place for verification.

Re:Mebbe I should try it some time

[Warped-Reality]

Spend $20 on a new ethernet card? I used a cheap off-the-shelf realtek on openbsd for years. On a Sun SPARC, no less.

Re:Mebbe I should try it some time

[notamisfit]

In other late breaking news, 100% of Coke drinkers prefer Coke to Pepsi.

"Assumption is the mother..."

[RT+Alec]

Wasn't that one of the bad guys in "Under Siege: 2"?

4.4 song

[c0nst]

Here's the song with lyrics for this release: 4.4: "Trial of the BSD Knights" http://www.openbsd.org/lyrics.html#44

Re:EOL cycle

[pyite]

that's not a solution when you have applications processing information, and you switch over while your in the middle of processing requests. In my situation there isn't a single second the system isn't fielding 100's of requests. basicly it involves a hand shake where the client makes a requests and expects an answer, if you switch over the new system won't know the client is expecting an answer so you'd have to re engineer a black box system to do it somehow.

Ever heard of connection draining? You build systems with the expectation that they will fail. Any component at any given point in time should be expected to be broken, because it will be at some point. If your system can't handle bringing down a server for maintenance, then you have far bigger problems than picking a good OS. Good luck to you.

Re:Mebbe I should try it some time

[Anpheus]

Apple releases the free code if and when it chooses to, sometimes only after repeated prodding. Apple is very likely going to be on the bad end of a lawsuit regarding GPL violations because there are still versions of XCode that they have never released the GCC source for (XCode 2.5 I think? I don't recall which.)

Apple regards the open source community as a convenience, not as partners.