Slashdot Mirror
OpenBSD 4.6 Released
pgilman writes "The release of OpenBSD 4.6 was announced today. Highlights of the new release include a new privilege-separated smtpd; numerous improvements to packet filtering, software RAID, routing daemons, and the TCP stack; a new installer; and lots more. Grab a CD set or download from a mirror, and please support the project (which also brings you OpenSSH and lots of other great free software) if you can."
OpenBSD is 14 as of today.
Today would be a great day for even a little gift. ;-)
OpenBSD has had the RAIDframe driver for a long time. This releases is adding some sort of RAID 4 and 5 implementation.
ah, that's super easy, have you ever even tried to read the docs? If 10.0.0.1 is a gateway that people are nat'd behind, something like block in from 10.0.0.1 to 192.168.0.0/24 in pf.conf, done. pfctl -n -f /etc/pf.conf to check that the grammar is correct, and pfctl -F rules -f /etc/pf.conf to reload the rules. If you mean you need to set up the openbsd box to *do* nating it's still pretty simple. All it takes is a quick look at the PF documentation.
"If you plant ice, you're gonna harvest wind."
Right here: http://openbsd.org/lyrics.html#46
Except if you're following installation directions (and for some reason not using bsd.rd, etc, to install), you would be downloading the 6MB cd64.iso, not the 200MB install46.iso. http://www.openbsd.org/faq/faq3.html#ISO
For those that need a bootable CD for their system, bootdisk ISO images (named cd46.iso) are available for a number of platforms [...]. ...
Now if mdadm only had the ease use gmirror/geom does in freebsd, then it might be more widely adopted.
mdadm is a perfectly functional package, but it's setup is quite awkward. gmirror however is a breeze to setup, and it's performance kicks the crap out of most hardware controllers I've tried(admittedly few). I imagine OpenBSD implementation is also a good performer as software raid. This states a 30% speedup for certain cases. http://www.openbsd.org/plus.html
brandelf -t FreeBSD
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/nutshell.html#INTRODUCTION-NUTSHELL-USERS
Many, many not listed, one example is php.net.
brandelf -t FreeBSD
In summary, buy the cds they come with cool stickers and they're only $50.
I got my cds in the mail on friday.
Already have the OpenBSD 4.6 stickers on my lappy :D
cyphercell
ps - it really is a drop in the bucket compared to my other work expenses this year.
Funny, I thought that was what CARP and pfsync were. They are for failover but I don't know about clustering and load balancing.
OpenBSD's focus is preventing the exploits in the first place with many overflow vulnerabities in third-party software being non-exploitable on OpenBSD. After running it for 10 years, I trust OpenBSD's record. It has some of the best in the business probing it, and with the most serious flaw in years being a subtle IP6 attack, I think that trust is well founded. If you were to prove otherwise, I'm sure you would instantly be a big name in security.
Although sound design, role security is added complexity which increases scope for vulnerabilities. From coding errors to implementation errors, complexity breeds insecurity. They also create a false sense of security: having implemented RBAC on Solaris I was initially impressed until I realized one could bypass it with suid bombs.
OpenBSD's simple design and sound default permissions mean that even with a local account, it is very difficult to gain root access. The base system is comprehensive so usually there's little reason to go to ports to implement OpenBSD in its perimiter focused role.
You would do well to back up your claim that OpenBSD is snake-oil.
POKE 36879,8
Well, IIUC, that would just entail converting all floors on negative numbers to ceils:
double floorToZero (double n)
{
return (n < 0) ? ceil(n) : floor(n);
}
Well, I beg to differ (what else ;-)
OpenBSD does help you, when something goes wrong:
like for example with immuteable files, or append only files, so no one can delete your logfiles! At least you have the chance to look at what the "bad guys" did. Indeed a very fine feature for a logserver, isn't it?
Or OpenBSD secure modes?
Plus, you can put your WEB-Server in a jail, so *IF* someone breaks into your WEB-Server, well, the whole system is still NOT compromised.
Jails work very well! Maybe even better the the comparative Linux stuff...
And sorry, but SELinux is such a PITA, I've never seen anyone using it, mostly it is simply disabled, because it is the root cause of many problems.
Yes, VMS was a great system, but it is even deader the the *BSDs ;-)
No, really, Application support on (Open)VMS is not so great, and Drivers for many addon-cards are noexistent. So, even if it was (is) good, it is in no way mass compatible.
To me, it seems you tried to put down OpenBSD in favor of something else (no namecalling, please!), but you failed, because your Points are rather incorrect.
But, what should I say more, be happy with whatever OS you're running and may you never be hacked.
So put the floppy image on a USB stick (instead of a floppy disk) and boot from that. Sheesh, do we have to hold your hand, or do you need us to type the commands for you, or what?
If all this should have a reason, we would be the last to know.