OpenBSD 4.6 Released
pgilman writes "The release of OpenBSD 4.6 was announced today. Highlights of the new release include a new privilege-separated smtpd; numerous improvements to packet filtering, software RAID, routing daemons, and the TCP stack; a new installer; and lots more. Grab a CD set or download from a mirror, and please support the project (which also brings you OpenSSH and lots of other great free software) if you can."
OpenBSD is 14 as of today.
Today would be a great day for even a little gift. ;-)
I just want to give a huge Thanks to Theo and the rest of the OpenBSD developers. They're doing a fantastic job. I'll order my CD soon.
Doing what others only dream... a scheduled release, early!
OpenBSD has had the RAIDframe driver for a long time. This release is adding some sort of RAID 4 and 5 implementation.
OpenBSD is, if nothing else, a very conservative OS. It's not particularly surprising that they don't adopt the new shiny if their current system is working just fine.
Most distros have at least one or two really good mirrors nearby. Maybe when they don't offer a 4GB file (their install.iso file is 200MB) they don't see the need.
ah, that's super easy, have you ever even tried to read the docs? If 10.0.0.1 is a gateway that people are NAT'd behind, something like block in from 10.0.0.1 to 192.168.0.0/24 in pf.conf, done. pfctl -n -f /etc/pf.conf to check that the grammar is correct, and pfctl -F rules -f /etc/pf.conf to reload the rules. If you mean you need to set up the OpenBSD box to *do* NATing it's still pretty simple. All it takes is a quick look at the PF documentation.
"If you plant ice, you're gonna harvest wind."
Right here: http://openbsd.org/lyrics.html#46
Except if you're following installation directions (and for some reason not using bsd.rd, etc, to install), you would be downloading the 6MB cd64.iso, not the 200MB install46.iso. http://www.openbsd.org/faq/faq3.html#ISO
OpenBSD's FAQ explains their choices regarding ISO images.
I like to install OpenBSD from a floppy image - only 1.44 MB! I then choose an FTP mirror and install whatever parts I want on the fly.
For those that need a bootable CD for their system, bootdisk ISO images (named cd46.iso) are available for a number of platforms [...]. ...
Maybe when they don't offer a 4GB file (their install.iso file is 200MB) they don't see the need.
Every OpenBSD installer I have ever downloaded has been 10MB...
NewslilySocial News. No lolcats allowed.
*BSDs (all of them) still lack HA and failover clustering software.
Ironic in a story about an OS release that features improved HA networking.
Dewey, what part of this looks like authorities should be involved?
Now if mdadm only had the ease of use gmirror/geom does in FreeBSD, then it might be more widely adopted.
mdadm is a perfectly functional package, but its setup is quite awkward. gmirror however is a breeze to set up, and its performance kicks the crap out of most hardware controllers I've tried (admittedly few). I imagine OpenBSD implementation is also a good performer as software raid. This states a 30% speedup for certain cases. http://www.openbsd.org/plus.html
brandelf -t FreeBSD
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/nutshell.html#INTRODUCTION-NUTSHELL-USERS
Many, many not listed, one example is php.net.
The story points to plus46.html which isn't useful for a general distribution announcement like this. Here's a much better choice (which includes a link to the plus46.html page):
http://www.openbsd.org/46.html
or
http://www.sigmasoft.com/~openbsd/archives/html/openbsd-announce/2009-10/msg00001.html
for the record, i submitted it with different links. plus46.html was originally linked from the text "and lots more." they "improved" the links in the story before they published it.
if i'm a grammar nazi, you're an illiteracy nazi.
I use it for my father's site-to-site VPN and the ease of configuration of OpenBSD's ipsec.conf makes it wonderful. It is highly reliable and, in the two years I have had it implemented it went down due to the failure of the onboard NIC in a Dell Server. I simply threw in a spare INTEL PRO/100 (em) and it was back up within 5 minutes.
Funny, I thought that was what CARP and pfsync were. They are for failover but I don't know about clustering and load balancing.
When I looked at the release notes sent out by email, I saw this under "New functionality":
"httpd(8) can now serve files larger than 2GB in size."
I'm very surprised by this.
Rock solid, thought through and very conservative.
They have their niche and do their best to serve it as well as they can. I'm very glad that this project exists even though I don't use OpenBSD but various of its offspring (OpenSSH/SSL, etc.) only.
Theo is a very controversial person but at least he keeps the project on focus and going. Congratulations for that and best of luck for the future.
I don't see myself using OpenBSD anytime soon but I know a few people that do and they are happy with it. So keep going, the community needs you!
OpenBSD's focus is preventing the exploits in the first place with many overflow vulnerabilities in third-party software being non-exploitable on OpenBSD. After running it for 10 years, I trust OpenBSD's record. It has some of the best in the business probing it, and with the most serious flaw in years being a subtle IP6 attack, I think that trust is well founded. If you were to prove otherwise, I'm sure you would instantly be a big name in security.
Although sound design, role security is added complexity which increases scope for vulnerabilities. From coding errors to implementation errors, complexity breeds insecurity. They also create a false sense of security: having implemented RBAC on Solaris I was initially impressed until I realized one could bypass it with suid bombs.
OpenBSD's simple design and sound default permissions mean that even with a local account, it is very difficult to gain root access. The base system is comprehensive so usually there's little reason to go to ports to implement OpenBSD in its perimeter-focused role.
You would do well to back up your claim that OpenBSD is snake-oil.
POKE 36879,8
Well, IIUC, that would just entail converting all floors on negative numbers to ceils:
#include <math.h>

/* Round toward zero: ceil() for negatives, floor() otherwise. */
double floorToZero (double n)
{
    return (n < 0) ? ceil(n) : floor(n);
}
Well, I beg to differ (what else ;-)
OpenBSD does help you, when something goes wrong:
like for example with immutable files, or append only files, so no one can delete your logfiles! At least you have the chance to look at what the "bad guys" did. Indeed a very fine feature for a logserver, isn't it?
Or OpenBSD secure modes?
Plus, you can put your WEB-Server in a jail, so *IF* someone breaks into your WEB-Server, well, the whole system is still NOT compromised.
Jails work very well! Maybe even better than the comparative Linux stuff...
And sorry, but SELinux is such a PITA, I've never seen anyone using it, mostly it is simply disabled, because it is the root cause of many problems.
Yes, VMS was a great system, but it is even deader than the *BSDs ;-)
No, really, Application support on (Open)VMS is not so great, and Drivers for many addon-cards are nonexistent. So, even if it was (is) good, it is in no way mass compatible.
To me, it seems you tried to put down OpenBSD in favor of something else (no namecalling, please!), but you failed, because your Points are rather incorrect.
But, what should I say more, be happy with whatever OS you're running and may you never be hacked.
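The append-only log files mentioned in the comment above only hold against root while the securelevel is 1 or higher, because the system flag can be cleared at securelevel 0 or -1. As an added example that is not part of the original thread, this sketch audits `ls -lo` output for logs missing the `sappnd` flag; the sample listing is constructed and the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the thread: audit BSD file flags on log files.

# Constructed sample of `ls -lo /var/log` output; column 5 is the flags field.
SAMPLE_LS='-rw-r-----  1 root  wheel  sappnd  48211 Oct 18 09:12 authlog
-rw-r--r--  1 root  wheel  -       9120 Oct 18 09:10 daemon
-rw-r-----  1 root  wheel  sappnd,nodump  3301 Oct 18 08:55 secure
-rw-r--r--  1 root  wheel  uappnd  77102 Oct 18 09:13 messages'

# Read `ls -lo` lines on stdin, print the names of files lacking sappnd.
# uappnd does not count: the file owner can clear it at any securelevel.
missing_sappnd() {
    awk '{
        n = split($5, flags, ",")
        ok = 0
        for (i = 1; i <= n; i++) if (flags[i] == "sappnd") ok = 1
        if (!ok) print $NF
    }'
}

# System flags (sappnd, schg) can only be cleared at securelevel 0 or -1,
# so they resist a root-level intruder only when the level is >= 1.
flags_enforced() {
    [ "$1" -ge 1 ] 2>/dev/null
}

# $1 = ls -lo output, $2 = value of kern.securelevel
audit() {
    bad=$(printf '%s\n' "$1" | missing_sappnd | tr '\n' ' ')
    bad=${bad% }
    if ! flags_enforced "$2"; then
        echo "WEAK: securelevel $2 lets root clear flags"
        return 1
    fi
    if [ -n "$bad" ]; then
        echo "UNPROTECTED: $bad"
        return 1
    fi
    echo "OK"
}

# On a live OpenBSD host (as root):
#   chflags sappnd /var/log/authlog
#   audit "$(ls -lo /var/log/authlog)" "$(sysctl -n kern.securelevel)"
```

Log rotation needs accounting for, since an append-only file cannot be truncated or replaced while the flag is set.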
A far more secure kernel. User-land wise, there is a lot of manual configuration to get things right which Ubuntu just does out of the box.
OpenBSD is certainly faster on a single core system; on a dual core system the difference is not as apparent unless running extremely high loads. Hardware support on the other hand - When it supports your hardware, it supports it really well. When it doesn't support it, you're out of luck.
Change is certain; progress is not obligatory.
Can someone recommend a good platform on which to run OpenBSD which will consume the lowest possible power and let me run a Wireless-G and a Wireless-N NIC in master mode at the same time? I also need 100baseT[x]. Ideally it would run from fairly broad DC power (8-18VDC). I want to spend minimal money :) So far in the running are PC Engines, Mikrotik, and Soekris, in my current order of preference from most to least. I'm willing to have my mind changed, though. SD, USB, or CF storage, I don't care.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
My point was that OpenBSD is not a 'secure system', despite being quality code.
It provides no ways to limit or control the system, or to limit access if an attack does occur.
It is good practice to assume that an attack may occur, and be prepared for it.
I never said OpenBSD was snake oil, simply that it is not the secure system people seem to think it is.
And, no, you can't bypass RBAC with SUID bombs if it is set up correctly.
If you ignore ACs because they are anonymous - you're an idiot.