Slashdot Mirror
OpenBSD 4.5 Released
portscan writes "OpenBSD 4.5 has been released. New and extended platforms include sparc64, and added device drivers. OpenSSH 5.2 is included, plus a number of tweaks, bugfixes, and enhancements. See the announcement page for a full list. OpenBSD is a security-oriented UNIX/BSD operating system." As per OpenBSD tradition, of course there's a song.
Oh BSD for server farms,
For blinking rows of lights.
For late night coke and deli runs
In those bitter winter nights!
NetBSD! FreeBSD!
Dick shakes his fists at thee
And hates much more the fact that you're
As dead as dead can be!
Title says it all: http://www.sun.com/software/solaris/get.jsp
#include <sig.h>
NetBSD 5 yesterday, OpenBSD 4.5 today and a three day weekend ahead.
*fap*
Stop Computers/Cars Analogies on S
It's a spectrum, and not all OSes are good for all applications. I for one am glad that there are people taking security seriously in an OS. Maybe it's hard to use for the average user, but in server and embedded environments, it excels.
You can also bet that other *nixes (especially other BSD flavors) take hints on how to secure themselves from OpenBSD.
Use whatever OS suits your needs best, just don't try to bring other distros down for not following your vision.
The one area where OpenBSD is let down on the security front is the packages/ports - basically the applications you might want to use. Those are not kept updated over the lifetime of a release. The only way to get the patches and security fixes is to run -Current, which may not be the best for most people.
Given the frequent updates needed for some apps, especially on the security front (looking at you Firefox!) - it seems a bit odd for a security focused project to expect it's users to run the same old static version for circa 6 months till the next version arrives.
The 80's called - they want their cock-rock back!
I don't think that there are many people out there that would claim that OpenBSD is comfortable to use and would make a good desktop system.
But it has its small niche market and lives there happily. Additionally we all benefit from this project one way or the other (OpenSSH, etc.)
It's a bit similar to Minix: interesting and certainly helpful in its own way. But nothing for everyday usage.
Cancel mod
You can run openBSD on a Spectrum?
Get free bitcoins: http://freebitco.in
Any other software installed besides the default would like be written by third parties and thus, any security that would cause is not the fault the OpenBSD dev's, i.e. if someone found a huge security hole in Apache, thats not OpenBSD's fault.
Is this to the tune of 'O Caaaanada'?
I don't think that there are many people out there that would claim that OpenBSD is comfortable to use and would make a good desktop system.
You might be surprised. OpenBSD has good ACPI support now, has DRI in 4.5 (had it in 4.4 but it wasn't enabled by default). Sound support is good, and 4.5 introduces a simple sound daemon for userspace mixing. ARM support has also improved a lot recently, so it makes a good choice for handhelds.
I am TheRaven on Soylent News
It's totally unlike MINIX. MINIX is a hobby OS that only works and has perfect security in the author's mind. OpenBSD is used in production where security matters and on real hardware.
I am willing to claim that OpenBSD is more than comfortable for its intended use in routers and servers.
OpenBSD doesn't use GUI config tools, and complex package managers, but that is because they are not needed. It is simple and elegant like that.
It has some rough edges like the lack of utf-8 support in the base system and utilities but it isn't bad as a Desktop OS either, most desktop applications don't use libc for their encoding support anyways.
My home server and my laptop both run OpenBSD and I don't miss your real OSes at all. After all whatever I cannot do easily in OpenBSD Linux does through binary blobs and proprietary software. At that point I could be as well running Windows 7.
10 little-endian boys went out to dine, a big-endian carp ate one, and then there were -246.
I'm not sure why the OpenBSD people bother with marketing at all. It's most likely just tradition. From my experience, the type of audience they're interested in are hardcore enthusiasts or dedicated and thick-skinned newbies. They don't want users who can be persuaded to go with OpenBSD instead of, say, Ubuntu by a catchy tag-line. They just don't give a fig about newbie-friendliness, and I'm not saying that as a criticism. It seems to work for a lot of people who can break the barrier and become proficient with OpenBSD. The stuff that matters, like well-written man-pages, is there. What's not there are pretty GUIs and wizards. In the end, what else would you expect from a group lead by someone with the personality of Theo de Raadt.
Deus est fatalis
Nearly dead is still partly alive!
A version of KDE that no longer gets any love from upstream; old Firefox, old Thunderbird. Hopefully there are security updates for the latter two and that someone is giving some TLC to the former.
After all whatever I cannot do easily in OpenBSD Linux does through binary blobs and proprietary software. At that point I could be as well running Windows 7.
So there is no reason to use Linux over Windows other than to have an entirely free software systems?
I hope you are using an open source BIOS and microcode as well, just to be consistent.
I would beg to differ. The package management is just as good if not better than what's available in Linuxland, so there's no great difficulty in setting it up as a good desktop system.
Having excellent support for many non-x86 platforms, as well as having a small footprint make it a great choice for older hardware. I currently have it installed on on my old UltraSparc and Alpha workstations.
OpenBSD contributes more than just OpenSSH to other OS'es. Aside from pushing hardware manufacturers to open up their documentation, they've also reverse engineered drivers that have made their way into the other BSD's and even Linux (remember the whole Atheros? issue last year). Whereas many Linux distributions and the other BSD's have made compromises with proprietary drivers and binary blobs, OpenBSD still pushes for true open source.
PF and CARP also make OpenBSD a superior router platform to any IPTables based setup any day. You may be surprised how popular it is in the data centre.
Unlike Minix, OpenBSD's niche has a place in real world usage.
http://astutehosting.com/
Isn't it UNIX? Couldn't you just run Ubuntu, and switch the kernel, or isn't UNIX a standard?
Is this to the tune of 'O Caaaanada'?
Reminds me of "O Andy Tannenbaum".
"I don't know, therefore Aliens" Wafflebox1
There is a difference between binary blobs and firmware. And it is significant. Firmware is part of the hardware. Of course we all would rather completely open hardware, but software that runs in kernel mode is of higher priority to me. Also software encumbered by patents and proprietary undocumented formats.
I use Linux over Windows, but the version I use is unfree and I use it specifically for its unfree features(Namely Skype and legal DVD playback, not that I actually use the latter) so I really could use either at that point.
it's the kind of marketing nonsense we have come to expect from zealots. 2 remote holes in 10 years would be impressive if their main customers were webservices and everything was turned on by default. but on a system which has no services turned on by default? give me a break. by that logic microsoft can claim DOS has had zero remote holes in 20 years.
If you mod me down, I will become more powerful than you can imagine....
I don't think that there are many people out there that would claim that OpenBSD is comfortable to use and would make a good desktop system.
Depends on what you mean by a desktop. I run ubuntu on my laptops but I have an amd64 machine running netbsd for serious work. I use it for network administration and software development. The environment is simple: X11, fvwm, aterm and applications like firefox and nedit. Its not gnome, but for some purposes it is much better. I haven't used openbsd at all but I am pretty sure it would be similar on the same hardware.
http://michaelsmith.id.au
Not on the level of binary compatibility, no.
Error: password can't contain reverse spelling of ancient Chinese emperor
A default OpenBSD install includes OpenSSH open on port 22. I assure you there is no shortage of script kiddies looking for exploits in OpenBSD. And even more trying to exploit OpenSSH. Usually they are able to escalate privileges from root to root using a bug in grep from a version released 5 years ago and then they give up.
Yep. GPL talks the talk, but BSD walks the walk. Thanks and congratulations to all the BSD contributors throughout the years. This is a more FREE world thanks to your time and efforts.
Do you even lift?
These aren't the 'roids you're looking for.
isn't UNIX a standard?
"It's a Unix system ! I know this !"
Squirrel!
You might be able to. OpenBSD can run Linux binaries, although may not support some recent system calls. If you're using ext2/3 then OpenBSD should be able to mount it correctly. I don't think anyone's done this as a drop-in job, and I can't imagine many people wanting to (a large part of the attraction of OpenBSD is the clean and consistent, well-documented, userland. Replacing this with the cobbled-together userland from Ubuntu would not be an improvement). You can, however, install most of the software you would run on Ubuntu on OpenBSD.
I am TheRaven on Soylent News
The package management is just as good if not better than what's available in Linuxland,
When's the last time you used Linux? Keeping systems up-to-date, both base system and userspace stuff, is much easier on Debian-based systems, IMO. It's straightforward on the BSDs, yes. But I wouldn't call it better. In fact, when I do setup an OpenBSD systems, I normally end up using pkgsrc over OpenBSD ports.
so there's no great difficulty in setting it up as a good desktop system.
No, there's not. But even a Windows-only imbecile can get Ubuntu with GNOME running in less than an hour, and I don't think you can say that about any of the BSD systems.
Don't get me wrong, I prefer NetBSD and OpenBSD to pretty much everything else out there, but it's still not for beginners.
A version of KDE that no longer gets any love from upstream; old Firefox, old Thunderbird. Hopefully there are security updates for the latter two and that someone is giving some TLC to the former.
OpenBSD is on a 6-month development release, and remember the auditing and code-screening that goes into each release. Patches for these "optional" packages (OBSD default install primary use is a stripped down server environment) can be updated immediately. Just like any other installer, there WILL be updates available, even on day 1.
Is the lack of RBAC and MAC, or any decent non discretionary access controls.
Solaris has RBAC, Linux has RSBAC and SELinux. OpenBSD staunchly refuses to add anything similar, and no, a system call interceptor does not count.
It's all well and good to have quality code and aim to get rid of vulnerabilities at the core, but a really secure system would be able to protect from attack, in the event it did happen.
As it stands, a system with SELinux or RSBAC is far, far more secure than OpenBSD, because of this fact.
If you ignore ACs because they are anonymous - you're an idiot.
I would beg to differ. The package management is just as good if not better than what's available in Linuxland,
I am not sure I agree. I use netbsd and ubuntu. I can see the benefits in the debian approach of being able to upgrade the whole system through packages. With openbsd and netbsd you have to run current for that which means the user has to do a lot of integration work to stay up to date.
http://michaelsmith.id.au
Is this to the tune of 'O Caaaanada'?
I was thinking "Jingle Bells".
There is no "I disagree" mod for a reason. Flamebait, Troll, and Overrated are not substitutes.
"I find it intimidating that the community is unable or unwilling to maintain proper information channels for security-related maintenance"
You could try looking over on the Bug Tracking System or the openbsd-bugs mailing list
davecb5620@gmail.com
"The one area where OpenBSD is let down on the security front is the packages/ports"
"The ports & packages collection does NOT go through the thorough security audit that the OpenBSD base system does. Although we strive to keep the quality of the packages collection high, we just do not have enough human resources to ensure the same level of robustness and security"
davecb5620@gmail.com
For some strange reason I was thinking Camptown Races (the song)...
These comments are my own and do not necessarily reflect the views or opinions of my employer or colleagues...
Sparkling clean, secure code is wonderful, but when it's years behind the times in basic software kits.
Perhaps the "basic software kits" have overreached their bounds? Too many irons in the fire isn't necessarily a good thing.
Tortoise, hare, whatnot.
Trolling is a art,
Nice Flamebait. If you look at kLOC (in actual use, mind you) under BSD and GPL you will see the real story. We all owe thanks to Berkeley for BSD and the BSD license under which the -lite versions came, and the BSD is still relevant today, but the GPL is the present and may well be the future (unless we find another more clever way to unfuck copyright law.)
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
It also works for "The Yellow Rose of Texas".
-=Steve=-
Space game using normal deck of cards: http://BattleCards.org
Seems like an interesting rorschach test.
Do you even lift?
These aren't the 'roids you're looking for.
Jingle Bells, don't you mean Oh Christmas Tree
Nono, to the tune of this!
How do you escalate privileges by exploiting grep?
It's modded troll because he's acting like one, all good trolls have a degree of truth in them. The use of profanity brought it down, if that was left out I'm sure it would have been up modded. I would absolutely love to move to OpenBSD but I don't really want to give up the 3d support.
Also I'm by no means a virtualization master, but why would you run a set up like that? You can run OpenBSD from VMware server, which can then run XYZ OS.
kLOC == Popularity.
That does not necessarily mean that GPL is the right solution for all open-source software, and please don't suggest otherwise. Each project determines which license is right for them.
Security is something we should get on top of the other features, not with the cost of other features. I am talking about usability and features here.
Security is not a feature. Thinking it is has led to most of the Internet's larger failings as present today.
Interested in open source engine management for your Subaru?
Watch this +10 Flamebait:
Men use BSD - boys use Linux.
Period. Next to trusted OS's(TrustedBSD, TrustedSolaris, etc.) OpenBSD is the only thing out there I would put on the public internet with confidential data. Not only that, OpenBSD is the _only_ thing I would trust to protect my internal networks.
Most security appliances have some Linux baked in - no thanks.
Website Hosting
Except that - as someone pointed out in an earlier comment - the optional packages like Firefox and KDE don't get the auditing and code screening. Hell, allegedly they don't even get prompt security updates when upstream fixes something.
Keeping systems up-to-date, both base system and userspace stuff, is much easier on Debian-based systems, IMO.
I upgraded to 4.5 this morning, and the package upgrade instructions were to run pkg_add -ui -F update -F updatedepends. Now, I'm typing this on Ubuntu, and I use FreeBSD on most of "my" servers, but that just about as convenient as it gets.
Dewey, what part of this looks like authorities should be involved?
That's a bad example - Apache is shipped as part of the core OpenBSD system and therefore a hole in Apache as shipped with OpenBSD *would* count.
Oolite: Elite-like game. For Mac, Linux and Windows
"And what kind of virtualization software do you have? Real virtualization, that that jails shit. You can't run other OS's in a jail. VMware? VirtualBox? Oh that's right, you don't have anything."
OpenBSD has a QEMU package that allows virtualization of an entire PC. Last I heard the Linux/KVM project uses the same software to achieve this end.
So there is your virtual solution.
OpenBSD contributes more than just OpenSSH to other OS'es. Aside from pushing hardware manufacturers to open up their documentation, they've also reverse engineered drivers that have made their way into the other BSD's and even Linux (remember the whole Atheros? issue last year). Whereas many Linux distributions and the other BSD's have made compromises with proprietary drivers and binary blobs, OpenBSD still pushes for true open source.
Agreed. According the the OpenBSD project, NDA and blobs are _never_ considered acceptable.
I've got a UltraSparc IIe laptop and the only OSes that will run on it are Solaris and OpenBSD. Newer versions of Solaris give an awful user experience no matter what you do; the machine does only have a 650Mhz processor. It had gotten so bad it was looking like I might actually have to buy a new laptop, instead of waiting like I want to for relatively inexpensive mobile quad core.
The OpenBSD guys, for whatever reason, decided that supporting this oddball laptop was something they wanted to do. No idea what prompted this, but it has been a godsend for me. I did have to do some hand X configuration stuff, but it was easy enough. Initially, I ran XFCE, but now use awesome (because it is awesome, obviously) and I really like the set up.
Aside from a web browser, a PDF reader (epdfview), freecell and ummm, nothing else I guess; I don't really use that many GUI apps on my laptop. While I'd prefer to use Midori (the laptop is slow), firefox performance is still in the acceptable range.
I'm using the shell a lot more, obviously, than I do on my Ubuntu desktop and I'm liking it well enough.
The OpenBSD team decided to actively support my Tadpole Sparcle 650SX and they have my gratitude for this.
apt-get dist-upgrade
Bzzt! You forgot to run apt-get update first.
Dewey, what part of this looks like authorities should be involved?
So how awesome are the nVidia drivers on OpenBSD? You have 64-bit versions, right? Oh wait, I guess not. You'll have to stick with sucky 3D performance I guess.
Exactly what do you need 3d performance on OpenBSD with? I seriously doubt the person you were responding to was using OpenBSD as a gaming platform and as such they probably couldn't care less.
I upgraded to 4.5 this morning, and the package upgrade instructions were to run pkg_add -ui -F update -F updatedepends.
Odd. Why the hell doesn't FreeBSD's version of pkg_add support any "update" option?
There is no flamebait. Pretty much any of the most important, open protocols in use today had their implementation released under a BSD/MIT-like license. Care to name anything remotely approaching the importance of things such as Berkeley sockets, Kerberos, etc that are both widely accepted and released as a GPL implementation? I'm guessing not.
Odd. Why the hell doesn't FreeBSD's version of pkg_add support any "update" option?
Probably because we have portupgrade, which I like even better.
Dewey, what part of this looks like authorities should be involved?
UNIX is a specification. It's defined by services the system offers and how user space programs access them. So, there's no guarantee that OpenBSD and Linux implement system calls the same way. There is just a chance that the same system calls exist on both systems.
God save our Queen, and Heaven bless The Maple Leaf Forever!
He's trolling because while his statement is true, it's very selective. OpenBSD may not have 3D nVidia support, but as of 4.4 has hardware accelerated GL on Intel and ATI. No mention of either of those in the grandparent post though (and ATI has closed-source drivers on Linux, too).
Famous OpenBSD developer Ben Franklin once said "they who can give up essential security to obtain a few features, deserve neither security nor features."
Or something like that.
except that the Apache that comes installed with OpenBSD is far different than the one you'll find on apache.org. Last I heard, there are about 4000 lines of code difference. They maintain that as part of the base. It is more secure than the stock apache you'd find elsewhere.
And this isn't coming from some AC. I've used OpenBSD since 3.4. I've seen the implementation of wireless, bluetooth, WPA/WPA2 without the "linux_supplicant" bullshit. Massive changes to PF, bioctl for raid, sound upgrades, DRI for 3D, OpenBGPd, OpenOSPFd, our own implementation of mail (ripping out the modified sendmail). All without an NDA.
We are the tortoise, not the hare. Linux/FreeBSD are the prison bitches of companies by signing NDAs just so they can "support" the latest technology. Video cards blobs may work, but when they go tits up, the companies either take forever to fix them, or it's just tough luck... "you don't have enough market share"
It's a popularity contest. OpenBSD won't win it, but we don't need to. I am happy to be sitting at the adult table, not eating the table scraps of the corporate world.
It's all damned lies and statistics!! I mean 47% of all people use statistics to back up their arguments.
Actually the OpenBSD guys rewrote their pkg_* tools (in Perl) some time ago. See http://cvs.openbsd.org/papers/ven05-espie/index.html for more information. On FreeBSD you still have to use old pkg_* tools that are not so sophisticated. On the other hand in FreeBSD you have the portinstall/portupgrade stuff since FreeBSD software installation process is more focused on support for installation from source...
That does not necessarily mean that GPL is the right solution for all open-source software,
Never said it was
and please don't suggest otherwise.
(-1, Attacking a Straw Man)
The people have spoken; whether they be users or developers, they prefer GPL to BSD. *BSD sat around languishing in obscurity for years, Linux comes along with a superior license and bingo! Eats *BSD's lunch. BSD is not irrelevant, but it is less relevant.
That doesn't mean that there's no use for the BSDL (well, now we have the Artistic license and others which are arguably better versions of the same) but it does mean that it's far less relevant today, and if users get interested in Software Freedom (a natural progression) then it will be even less relevant.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
I don't think that there are many people out there that would claim that OpenBSD is comfortable to use and would make a good desktop system.
There may not be many, but I am one. I use it on my desktop and laptop. There's nothing any other OS offers that OpenBSD doesn't have (well... I'll boot into Windows to play World of Warcraft, but that's it).
Is gaming the only application that needs or benefits from high end graphics?
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
Is gaming the only application that needs or benefits from high end graphics?
In the context of a home desktop (which was what the GGP was talking about) most likely it is one of the few if only places that you need high end graphics. Most people aren't using their home desktops as render farms or anything else that would require high end graphics card support.
There's an unofficial .iso torrent up on The Pirate Bay, for those finding the mirrors slow. Not a lot of people using it at the moment, but we can change that.
Some of the MD5s are different; I haven't investigated why yet.
________________________________________________
suwain_2
OpenBSD does ship with services turned on though - eg OpenSSH and a few other mostly minor ones. But it is more than just exposed services - how many remotely exploitable kernel vulnerabilities have other systems patched over the last 10 yrs?
I'm no OpenBSD zealot (I'm mainly a Linux user), but OpenBSDs security track record and attention to detail is impressive. Quite often exploits in 3rd party code are mitigated or ineffective on OpenBSD due to measures they have taken.
It's not all roses though - keeping 3rd party apps patched on OpenBSD is harder than say Debian. They just don't have the resources to manage vast repositories like Linux distros do. Which is the big reason I will normally use Debian instead of OpenBSD.
The people have spoken; whether they be users or developers, they prefer GPL to BSD. *BSD sat around languishing in obscurity for years, Linux comes along with a superior license and bingo! Eats *BSD's lunch. BSD is not irrelevant, but it is less relevant.
You must have selective hearing. Let's look at popularity:
Evidence says, users and developers seem to prefer closed source over either GPL or BSD. OS X (with a BSD/Mach kernel) is more popular than linux. FreeBSD, NetBSD, and OpenBSD are more popular than HURD.
If it was just a matter of the license, why aren't you telling us about HURD and it's superior license?
If you want to be honest, you're recognize that there was a confluence of factors (BSD being in a legal limbo, the rise of the internet, etc). If BSD wasn't under a legal taint, Linux wouldn't exist today. If Minix was under a more free license, Linux wouldn't exist today. If the FSF had gotten their HURD shit together, Linux wouldn't exist today.
Do you even lift?
These aren't the 'roids you're looking for.
The people have spoken. Windows beats-out everything else in the world. Linux is not irrelevant, but it is VASTLY less relevant.
1% vs 90% market share.
Clearly, the most popular option is the only one of any importance. That's why all car companies other than Toyota are irrelevant... Never mind that GM was the only relevant car company up until just a couple years ago...
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant