OpenBSD 4.5 Released
portscan writes "OpenBSD 4.5 has been released. New and extended platforms include sparc64, and added device drivers. OpenSSH 5.2 is included, plus a number of tweaks, bugfixes, and enhancements. See the announcement page for a full list. OpenBSD is a security-oriented UNIX/BSD operating system." As per OpenBSD tradition, of course there's a song.
Oh BSD for server farms,
For blinking rows of lights.
For late night coke and deli runs
In those bitter winter nights!
NetBSD! FreeBSD!
Dick shakes his fists at thee
And hates much more the fact that you're
As dead as dead can be!
Security is something we should get on top of the other features, not with the cost of other features. I am talking about usability and features here.
Sure, the core OpenBSD software is probably the most secure in the world, but what can you really accomplish with it without getting gray hair? Good for routers and other network appliances, but once you start moving towards application servers and (*gasp*) desktop oriented usage it becomes obvious that OpenBSD is not really fit for the duty. In many areas it is practically where most of the Linux distributions were in the 90s.
Heck, you can't even select my native keyboard layout without actually creating the mappings manually. Hah!
Title says it all: http://www.sun.com/software/solaris/get.jsp
#include <sig.h>
NetBSD 5 yesterday, OpenBSD 4.5 today and a three day weekend ahead.
*fap*
Stop Computers/Cars Analogies on S
The one area where OpenBSD is let down on the security front is the packages/ports - basically the applications you might want to use. Those are not kept updated over the lifetime of a release. The only way to get the patches and security fixes is to run -Current, which may not be the best for most people.
Given the frequent updates needed for some apps, especially on the security front (looking at you Firefox!) - it seems a bit odd for a security focused project to expect its users to run the same old static version for circa 6 months till the next version arrives.
The 80's called - they want their cock-rock back!
Any other software installed besides the default would likely be written by third parties and thus, any security issue that would cause is not the fault of the OpenBSD devs, i.e. if someone found a huge security hole in Apache, that's not OpenBSD's fault.
Is this to the tune of 'O Caaaanada'?
I'm not sure why the OpenBSD people bother with marketing at all. It's most likely just tradition. From my experience, the type of audience they're interested in are hardcore enthusiasts or dedicated and thick-skinned newbies. They don't want users who can be persuaded to go with OpenBSD instead of, say, Ubuntu by a catchy tag-line. They just don't give a fig about newbie-friendliness, and I'm not saying that as a criticism. It seems to work for a lot of people who can break the barrier and become proficient with OpenBSD. The stuff that matters, like well-written man-pages, is there. What's not there are pretty GUIs and wizards. In the end, what else would you expect from a group led by someone with the personality of Theo de Raadt?
Deus est fatalis
Nearly dead is still partly alive!
A version of KDE that no longer gets any love from upstream; old Firefox, old Thunderbird. Hopefully there are security updates for the latter two and that someone is giving some TLC to the former.
Is this to the tune of 'O Caaaanada'?
Reminds me of "O Andy Tannenbaum".
"I don't know, therefore Aliens" Wafflebox1
Given that they are immune to Conficker and *ALL* other Windows-specific malware, does that mean you are now a convert and we can expect to see "Windows is dead!" trolls from now on?
it's the kind of marketing nonsense we have come to expect from zealots. 2 remote holes in 10 years would be impressive if their main customers were webservices and everything was turned on by default. but on a system which has no services turned on by default? give me a break. by that logic microsoft can claim DOS has had zero remote holes in 20 years.
If you mod me down, I will become more powerful than you can imagine....
A default OpenBSD install includes OpenSSH open on port 22. I assure you there is no shortage of script kiddies looking for exploits in OpenBSD. And even more trying to exploit OpenSSH. Usually they are able to escalate privileges from root to root using a bug in grep from a version released 5 years ago and then they give up.
A version of KDE that no longer gets any love from upstream; old Firefox, old Thunderbird. Hopefully there are security updates for the latter two and that someone is giving some TLC to the former.
OpenBSD is on a 6-month development release, and remember the auditing and code-screening that goes into each release. Patches for these "optional" packages (OBSD default install primary use is a stripped down server environment) can be updated immediately. Just like any other installer, there WILL be updates available, even on day 1.
Is the lack of RBAC and MAC, or any decent non discretionary access controls.
Solaris has RBAC, Linux has RSBAC and SELinux. OpenBSD staunchly refuses to add anything similar, and no, a system call interceptor does not count.
It's all well and good to have quality code and aim to get rid of vulnerabilities at the core, but a really secure system would be able to protect from attack, in the event it did happen.
As it stands, a system with SELinux or RSBAC is far, far more secure than OpenBSD, because of this fact.
If you ignore ACs because they are anonymous - you're an idiot.
Is this to the tune of 'O Caaaanada'?
I was thinking "Jingle Bells".
There is no "I disagree" mod for a reason. Flamebait, Troll, and Overrated are not substitutes.
"I find it intimidating that the community is unable or unwilling to maintain proper information channels for security-related maintenance"
You could try looking over on the Bug Tracking System or the openbsd-bugs mailing list
davecb5620@gmail.com
"The one area where OpenBSD is let down on the security front is the packages/ports"
"The ports & packages collection does NOT go through the thorough security audit that the OpenBSD base system does. Although we strive to keep the quality of the packages collection high, we just do not have enough human resources to ensure the same level of robustness and security"
davecb5620@gmail.com
For some strange reason I was thinking Camptown Races (the song)...
These comments are my own and do not necessarily reflect the views or opinions of my employer or colleagues...
It also works for "The Yellow Rose of Texas".
-=Steve=-
Space game using normal deck of cards: http://BattleCards.org
Seems like an interesting rorschach test.
Do you even lift?
These aren't the 'roids you're looking for.
Jingle Bells, don't you mean Oh Christmas Tree
Nono, to the tune of this!
How do you escalate privileges by exploiting grep?
Watch this +10 Flamebait:
Men use BSD - boys use Linux.
Period. Next to trusted OS's (TrustedBSD, TrustedSolaris, etc.) OpenBSD is the only thing out there I would put on the public internet with confidential data. Not only that, OpenBSD is the _only_ thing I would trust to protect my internal networks.
Most security appliances have some Linux baked in - no thanks.
Website Hosting
Yeah, fascinating. GP was gibberish devoid of any meaning that didn't even try to address the point of GGP's post and yet - got modded up. I wonder if GP's post was meant to be a test (troll?) or whether the poster is really that incoherent...?
*WHOOOOOSH*
Except that - as someone pointed out in an earlier comment - the optional packages like Firefox and KDE don't get the auditing and code screening. Hell, allegedly they don't even get prompt security updates when upstream fixes something.
That's a bad example - Apache is shipped as part of the core OpenBSD system and therefore a hole in Apache as shipped with OpenBSD *would* count.
Oolite: Elite-like game. For Mac, Linux and Windows
I've got an UltraSparc IIe laptop and the only OSes that will run on it are Solaris and OpenBSD. Newer versions of Solaris give an awful user experience no matter what you do; the machine does only have a 650MHz processor. It had gotten so bad it was looking like I might actually have to buy a new laptop, instead of waiting like I want to for relatively inexpensive mobile quad core.
The OpenBSD guys, for whatever reason, decided that supporting this oddball laptop was something they wanted to do. No idea what prompted this, but it has been a godsend for me. I did have to do some hand X configuration stuff, but it was easy enough. Initially, I ran XFCE, but now use awesome (because it is awesome, obviously) and I really like the set up.
Aside from a web browser, a PDF reader (epdfview), freecell and ummm, nothing else I guess; I don't really use that many GUI apps on my laptop. While I'd prefer to use Midori (the laptop is slow), firefox performance is still in the acceptable range.
I'm using the shell a lot more, obviously, than I do on my Ubuntu desktop and I'm liking it well enough.
The OpenBSD team decided to actively support my Tadpole Sparcle 650SX and they have my gratitude for this.
No, it wouldn't, since it isn't activated in the _default_install_. Do you start to see why this "2 remote exploits in 10 years" thing is actually an embarrassingly bad track record? I mean if you can't even secure something as trivial as the password login of a shell terminal - how can you say that your OS is secure? The mind boggles...
except that the Apache that comes installed with OpenBSD is far different than the one you'll find on apache.org. Last I heard, there are about 4000 lines of code difference. They maintain that as part of the base. It is more secure than the stock apache you'd find elsewhere.
And this isn't coming from some AC. I've used OpenBSD since 3.4. I've seen the implementation of wireless, bluetooth, WPA/WPA2 without the "linux_supplicant" bullshit. Massive changes to PF, bioctl for raid, sound upgrades, DRI for 3D, OpenBGPd, OpenOSPFd, our own implementation of mail (ripping out the modified sendmail). All without an NDA.
We are the tortoise, not the hare. Linux/FreeBSD are the prison bitches of companies by signing NDAs just so they can "support" the latest technology. Video cards blobs may work, but when they go tits up, the companies either take forever to fix them, or it's just tough luck... "you don't have enough market share"
It's a popularity contest. OpenBSD won't win it, but we don't need to. I am happy to be sitting at the adult table, not eating the table scraps of the corporate world.
It's all damned lies and statistics!! I mean 47% of all people use statistics to back up their arguments.
There's an unofficial .iso torrent up on The Pirate Bay, for those finding the mirrors slow. Not a lot of people using it at the moment, but we can change that.
Some of the MD5s are different; I haven't investigated why yet.
________________________________________________
suwain_2
OpenBSD does ship with services turned on though - eg OpenSSH and a few other mostly minor ones. But it is more than just exposed services - how many remotely exploitable kernel vulnerabilities have other systems patched over the last 10 yrs?
I'm no OpenBSD zealot (I'm mainly a Linux user), but OpenBSD's security track record and attention to detail is impressive. Quite often exploits in 3rd party code are mitigated or ineffective on OpenBSD due to measures they have taken.
It's not all roses though - keeping 3rd party apps patched on OpenBSD is harder than say Debian. They just don't have the resources to manage vast repositories like Linux distros do. Which is the big reason I will normally use Debian instead of OpenBSD.
*WHOOOOSH*