OpenBSD 4.7 Preorders Are Up

badger.foo writes "The OpenBSD 4.7 pre-orders are up. That means the release is done, sent off to CD production, and snapshots will turn -current again. Order now and you more likely than not will have your CD set, T-shirt or other cool stuff before the official release date. You get the chance to support the most important free software project on the planet, and get your hands on some cool playables and wearables early. The release page is still being filled in, but the changelog has detailed information about the goodies in this release."

Most important free software project?

[Tiger4]

Just begging for it aren't you?

Prepare for incoming!!

Re:Most important free software project?

Duh. OpenSSH... ever heard of it? Redhat, Solaris, Ubuntu, Cisco, Apple, HP, IBM, and everyone else ships it.

Re:Most important free software project?

[Jose]

pffft! don't you read the Financial Post? it has been screaming about Rely on the BSDs for a while...

Re:Most important free software project?

[tzanger]

Just because they created OpenSSH doesn't mean the OS is the most important open source project on the planet.

Re:Most important free software project?

[heidaro]

But *BSD is dying.

Re:Most important free software project?

[elfprince13]

Actually, last I heard, it's got more than 11% laptop/desktop market share in the US.

Re:Most important free software project?

No. MacOS isn't BSD.

Re:Most important free software project?

[Rogerborg]

True dat, but you know who knows that? Me, thee, and Steve Jobs.

Re:Most important free software project?

[elfprince13]

No, but Mac OS X is. Darwin is BSD with a Mach kernel, and a pile of Obj-C libraries.

Re:Most important free software project?

And it seems he's fine with straight black males too. How odd.

Re:Most important free software project?

[eugene2k]

"BSD with a Mach kernel" - so umm... what makes it a BSD then?

Re:Most important free software project?

[Sancho]

It's the BSD userland.

People in the Linux mindset probably don't understand how BSD is structured. FreeBSD is a kernel and userland, whereas in GNU/Linux, Linux is the kernel and GNU is the userland.

Whether this makes it a BSD is up for discussion, just as is any denotation. More accurately, it is "built from BSD."

Re:Most important free software project?

[evilviper]

Just because they created OpenSSH doesn't mean the OS is the most important open source project on the planet.

OpenSSH was a huge improvement in the security of networks the world over, but it's not at all the only thing OpenBSD has contributed to the world.

Certainly, OpenBSD's development of W^X security led to Microsoft doing the same, and Intel/AMD including instructions to make this easier...

OpenBSD's focus on code correctness and licensing has caused them to lead, and have Linux and other BSDs follow... They announced their dropping of Xfree86 in favor of Xorg before anyone else, and very soon after Xfree86 was no longer found on any OSes. Their objections over the performance, code complexity, and licensing of GCC4 led to them pushing alternative compilers forward, and other projects (like FreeBSD) followed suit, pushing hard to move their favored alternative compilers forward.

There's many more, but you'll have to wait for someone else to come up with a list...

Re:Most important free software project?

[jgrahn]

Just because they created OpenSSH doesn't mean the OS is the most important open source project on the planet.

OpenSSH was a huge improvement in the security of networks the world over

Well, we already *had* the original ssh, but it was being weakened by the original author's effort to build a company around it. OpenSSH saved it,

Re:Most important free software project?

[evilviper]

Well, we already *had* the original ssh, but it was being weakened by the original author's effort to build a company around it. OpenSSH saved it,

SSH1 was cryptographically weak, wasn't remotely as exploit-free, and much more than that, it wasn't being widely adopted... No SSH in Solaris, Cisco routers, etc., until OpenSSH matured, and showed everyone where the future undeniably was.

Perhaps the biggest thing OpenSSH had going for it, was that it was adopted into the OpenBSD base system immediately, and RSH protocols were removed. That definitely got the ball rolling.

Re:Most important free software project?

[randomsearch]

Agreed on the "most important" hyperbole.

It's a daft and provocative statement. If running the internet is what matters, then Linux or Apache would be more obvious candidates. Still, daft thing to state.

RS

Re:Most important free software project?

Bloody hell, of course they are not going to say in their *own* announcement that they are *not* that important compared to other open source projects.
It is *their* product and for *them* it is the most important free software project in the whole known and unknown multiverse (see they already watered it down to a single dimension planet just for you slashdot crowds).
What is the matter with you? Empathy bucket was empty when it was your turn in the waiting queue? Or is your own very successful open-source project still not over its minority complex?

Re:Most important free software project?

[buchner.johannes]

The OpenBSD also contribute back rewrites and fixes of insecure/buggy open software projects. For example in X.

Re:Most important free software project?

[RichiH]

While true, this argument misses the point that they are not "the most important free software project on the planet".

You are basically arguing about a different thing than the rest of us.

Re:Most important free software project?

[sdiz]

GCC is more important, if you ask me.

Re:Most important free software project?

[TheRaven64]

Really? Clang 1.1 can compile pretty much all of the code that I use. I could ditch GCC tomorrow without any problems, but ditching OpenSSH would be a lot harder.

Re:Most important free software project?

[TheRaven64]

Please stop repeating nonsense.

Darwin is a member of the BSD family. The XNU kernel originally was a single server Mach microkenel running a 4BSD kernel. The Mach components are now reduced and most of the kernel code is either from FreeBSD or from Apple, but it's as much of a BSD descendent as OpenBSD. The Mach part of the kernel manages threads and memory, nothing else. The UNIX process model, all UNIX system calls, SysV and POSIX IPC, the networking stack, and so on all run in the BSD server. On OS X, unlike some earlier Mach systems, the BSD server lives in the kernel's address space and accounts for most of the ring-0 code that an OS X system is running.

On top of the XNU kernel, Darwin has a userland that gets a lot from FreeBSD, but some things from other sources. The init system is Launchd, which is a home-grown Apple system (now open sourced). The libc is from FreeBSD, but quite modified. The libstdc++, standard shell, and a couple of other things are from the GNU project.

OS X is Darwin with a lot of proprietary stuff on top (the audio stack and windowing system, for example).

Re:Most important free software project?

[evilviper]

While true, this argument misses the point that they are not "the most important free software project on the planet".

It doesn't miss the point at all, it's merely more facts to support the claim. Certainly far from undeniable proof, but the fact that you don't care about the relevant facts just indicates you believe the answer to be a foregone conclusion.

You are basically arguing about a different thing than the rest of us.

No, you're simply reading "a different thing than the rest of us."

Re:Most important free software project?

[RichiH]

It doesn't miss the point at all, it's merely more facts to support the claim. Certainly far from undeniable proof, but the fact that you don't care about the relevant facts just indicates you believe the answer to be a foregone conclusion.

Which, in turn, means you think the answer is a foregone conclusion, as well.
Debating the point is moot, but if we assume that we both could err, the statistical chance of "out of n samples, x is the most y" is a lot less than of "out of n samples, x is not the most y".
If we assume you can not err, you must be God or an OpenBSD person ;)

Jokes aside, I am not sure which the most important single piece of FLOSS is or even what scope is the right one and how to weigth the various facts. If someone claims they do, they are free to do so, but I just might pull their leg instead of agreeing.

Re:Most important free software project?

[evilviper]

Which, in turn, means you think the answer is a foregone conclusion, as well.

False logic. Listening to an argument (or even offering some evidence supporting one) does not presuppose a decision, one way or the other (though one MIGHT infer some bias from it). Dismissing arguments, with no attempt to judge their veracity, immediately indicates prejudice (by definition).

Debating the point is moot, but if we assume that we both could err, the statistical chance of "out of n samples, x is the most y" is a lot less than of "out of n samples, x is not the most y".

Yes, you have a statistically better chance of betting against someone, but this is not a bet. We are not operating in lieu of evidence, which substantially improves those odds.

Jokes aside, I am not sure which the most important single piece of FLOSS is or even what scope is the right one and how to weigth the various facts.

Yes, in the very least, it's heavily biased if you include any project which happens to be much larger than others, and/or encompasses many smaller, only partially-related projects...

Re:Most important free software project?

[RichiH]

False logic. Listening to an argument (or even offering some evidence supporting one) does not presuppose a decision, one way or the other (though one MIGHT infer some bias from it). Dismissing arguments, with no attempt to judge their veracity, immediately indicates prejudice (by definition).

So, basically, you get to pull the "I did not say that card" while I am stuck with being the evil, headless guy who did not even try to value your arguments? Cool.
Just for the record, I read, understood and even made part of the points you made in another subthread. Still, my basic point remains: OpenBSD is, in my opinion, not the single most important FLOSS project. And that's even when you throw in their admirable stance on closed-source firmware.

Yes, you have a statistically better chance of betting against someone, but this is not a bet. We are not operating in lieu of evidence, which substantially improves those odds.

Only if you assume that the initial statement is true. Feel free to do so, but give others the chance to disagree.

Yes, in the very least, it's heavily biased if you include any project which happens to be much larger than others, and/or encompasses many smaller, only partially-related projects...

Larger than GNU, Linux and FreeBSD, for example? Even Darwin is "larger" and arguably open source. OpenBSD may encompass a lot of stuff and feed patches upstream, but so do others.

The funny thing is that you are trying to convince me that your choice (and let's not play games, you _do_ agree with what OP said) is the only right one while all I am saying is "I am not even sure how to judge which the best one is".
It's OK for you to think this, really it is. But when you try to "prove" it without even setting up some basic rules for judgement, I am not sure how seriously I can take you.

Re:Most important free software project?

[evilviper]

After several replies, the only thing I've learned is that your reading comprehension is, apparently, quite poor. Are you a non-native English speaker by chance?

Only if you assume that the initial statement is true.

I was talking about statistics, and judging claims. Not only does it not require "assuming" anything, it is meaningless if you are going to just assume something...

So, basically, you get to pull the "I did not say that card" while I am stuck with being the evil, headless guy who did not even try to value your arguments? Cool.

It's a simple fact that I stated no opinion, while you did, in the same breadth as saying my "arguments" "[miss] the point". You can backpedal as much as you please. I'm not trying to stick you with anything.

Still, my basic point remains: OpenBSD is, in my opinion, not the single most important FLOSS project

That might be valuable to debate, but so far, you haven't provided any reasoning for that assertion, except to say that, statistically, since only one can be the "most", it's unlikely than any given on, in fact, is.

Larger than GNU, Linux and FreeBSD, for example?

Once again, you're talking completely off the subject. I was pointing out the difficulty in comparing different OSS project, and you somehow turn that into me claiming that OpenBSD is the largest...

I will say that, OpenBSD's scope is certainly larger than Linux or all of GNU... Linux just being a kernel (OpenBSD has a kernel, which supports the overwhelming majority of the same things) and GNU being userland and more (which OpenBSD also has).

The funny thing is that you are trying to convince me that your choice (and let's not play games, you _do_ agree with what OP said) is the only right one while all I am saying is "I am not even sure how to judge which the best one is".

A) You're completely and totally wrong in your notion of absolutely everything I have said in this discussion.
B) You certainly have no idea of my opinion, and I doubt anyone could hope to judge anything about it from the little I have revealed here.
C) You've repeatedly stated your conclusion, so, apparently, you DO in fact, believe you know how to make such a judgment. Claiming you do not, is talking nonsense, and is inherently contradictory... "Gee, I have no idea how to decide who is right, but I do know that you are wrong..."

Re:Most important free software project?

[RichiH]

Disclaimer: We will probably end up agreeing to disagree. Or I will do it one-sidedly.

Are you a non-native English speaker by chance?

Yes, I am. Not sure how that is relevant, except inasmuch that non-native speakers who speak the foreign language on a high level tend to use, and read, it a lot more deliberatly.

It's a simple fact that I stated no opinion, while you did, in the same breadth as saying my "arguments" "[miss] the point". You can backpedal as much as you please. I'm not trying to stick you with anything.

So... Someone says "X is the most important". Someone else replies "No, it is not the most important even though Y". Then, you jump in to say, and I quote "OpenSSH is just a small part of why OpenBSD is so important." and then go on to list reasons why it's so important.
You are free to think that and as I said you are even right with lots of what you said.

But to say that, given the context of where you said what, you did not argue either way; simply listing a few barely related facts? Sounds fishy to me ;)

Circumstantial evidence may not be water-tight in a court of law, but... come on...

That might be valuable to debate, but so far, you haven't provided any reasoning for that assertion, except to say that, statistically, since only one can be the "most", it's unlikely than any given on, in fact, is.

Which is true, isn't it? :)

Once again, you're talking completely off the subject. I was pointing out the difficulty in comparing different OSS project, and you somehow turn that into me claiming that OpenBSD is the largest...

I will say that, OpenBSD's scope is certainly larger than Linux or all of GNU... Linux just being a kernel (OpenBSD has a kernel, which supports the overwhelming majority of the same things) and GNU being userland and more (which OpenBSD also has).

So the only one which I listed of which you do _not_ think it is smaller is FreeBSD? Seems my guess was not _that_ bad.

We might argue that even a single application like the GIMP makes up a lot in size. God (i.e. you) forbids I would pull Debian out of my hat.

You're completely and totally wrong in your notion of absolutely everything I have said in this discussion.

Same to you :)

You certainly have no idea of my opinion, and I doubt anyone could hope to judge anything about it from the little I have revealed here.

Not beyond any doubt, agreed. But beyond any reasonable doubt. At least in my opinion. Which you don't share. Which is fine.

You've repeatedly stated your conclusion, so, apparently, you DO in fact, believe you know how to make such a judgment.

Erm, yes. That's some fine logic there.
Let's suppose you look at a group of a few dozen trees. One of the trees is definitely smaller than several others. Someone approaches you and tells you "this is the largest one." Are you able to able to say with confidence that it's not the largest, even though you are not sure if you are talking about heigth, volume, span, or pretty much anything else other than root length?

In any case, I hope I could clear up some points. If not, that is fine, too. We would be wasting each other's time if we carried on ;)

Subjective summary is subjective

[PFAK]

"You get the chance to support the most important free software project on the planet"

What? This sounds like something Theo or a GNU zealot would write ...

Re:Subjective summary is subjective

[Beelzebud]

To me it just sounds like someone enthused about something they enjoy being a part of...

Re:Subjective summary is subjective

[bsDaemon]

OpenBSD is also responsible for, among other things, OpenSSH, OpenBGPD, and OpenNTPD -- all three of which are widely adopted and used far, far beyond the sphere of influence of even OpenBSD itself. OpenSSH accounts for some 90% of all SSH deployments world-wide. Whether you know it or not, OpenBSD-related software enables quit a bit of the internet infrastructure.

Re:Subjective summary is subjective

[timmarhy]

spend some time on the mailing list, you'll see why it's a marginalised project.

the funny thing is i really really wanted to like openbsd, i tried it on some production systems. lack of hardware support, problems with upgrading combined with the 6 month release cycle forcing you into the upgrade senario just made the whole thing too hard.

Re:Subjective summary is subjective

[Hurricane78]

Two words: Linux kernel!

Re:Subjective summary is subjective

[onefriedrice]

As good as the Linux kernel is, there are viable replacements with arguably better licensing terms. On the other hand, the likes of OpenSSH are so good (and so widely used) that most people couldn't name a single ssh alternative.

Re:Subjective summary is subjective

[MrNaz]

11 words.
The Linux kernel would not be securely accessible remotely without OpenSSH.

Re:Subjective summary is subjective

I don't think anyone's saying that OpenBSD is useless. But to call it the "most important" project is to invite criticism.

What compiler/toolchain do open source projects use? Gcc & binutils. Now, there's pcc, and the much-more-promising clang, and there is work on replacing binutils. But even if GNU gets replaced by those, you can't deny that GNU was/is instrumental in free software projects.

OpenSSH is used in tons of places, but so is Apache. So is Apache one of the most important projects? Firefox has become pretty popular. Is it one of the most important projects? FreeBSD is much more widely used than OpenBSD. Is it more important? And so on. The fact that OpenBSD has contributed to free software doesn't mean that others haven't, or that OpenBSD is somehow superior.

Re:Subjective summary is subjective

[deniable]

How does OpenSSH do without GCC?

Re:Subjective summary is subjective

[onefriedrice]

How does OpenSSH do without GCC?

Err... fine. Do you think OpenSSH only compiles on the gnu compiler?

Re:Subjective summary is subjective

[ftobin]

After looking into a replacement for NTPD, OpenNTPD was a terrible option. If I recall correctly, all it did was a very simplistic setting of the time from what the server says. No slewing, no safety mechanisms, etc. I remember reading that it was simply designed for simplicity, not features, but it went way overboard.

Re:Subjective summary is subjective

Wrong.

Telnet + IPSec would do it.

Re:Subjective summary is subjective

[OttoM]

Not true. It is simple, but it does slewing and rules out bad servers etc.

Re:Subjective summary is subjective

[mwvdlee]

How does a 6 month release cycle force you into an upgrading scenario any more than the release/patch cycle of any other OS does?

Re:Subjective summary is subjective

Two words: Linux kernel!

Two things in that:
System V
BSD

Might research where your code comes from (the basics, not the fancy add-ons).

Re:Subjective summary is subjective

Still doesn't mean the OpenBSD itself is relevant.

Re:Subjective summary is subjective

[timmarhy]

because after 2 releases they stop making security updates. other OS's go a hell of a lot longer before they EOL their releases.

i've had this arguement with openbsd people before. what it comes down to is openbsd is their toy and they like constantly updating rather then doing mundaine shit like patching old versions.

all well and good, it's their project they can do as they please, but don't pretend that it's a superior server OS, because it simply doesn't cut it if you don't have patch support after just 12 months. there's plenty of secure systems with more features and longer EOL's that make openbsd more trouble then it's worth.

Re:Subjective summary is subjective

[ftobin]

My mistake on the use of the term slew; what I meant to get across is that it doesn't do any of the clock-slowing stuff that NTP or chrony does. All it did was get a packet and set the time. I'm pretty sure it didn't do any backing off or the like. I can't find any good references at the moment, but it was jaw-dropping inappropriate, especially for a situation where we have to keep all of our servers within a dozen microseconds or so.

Re:Subjective summary is subjective

[OttoM]

Wrong again. It does do clock slowing or speeding up. Both to get the clock right and to compute a persistent clock frequency adjustment. It does NOT just set the clock. I don't know which version on what platform you were testing. Maybe your port was terribly done. But on OpenBSD it works like a charm for almost any purpose.

Re:Subjective summary is subjective

dropbear for embedded

Re:Subjective summary is subjective

Oh? I'm just imagining the IPSEC support in the linux kernel then?

Re:Subjective summary is subjective

How does OpenSSH do without GCC?

This one have not heard of LCC.

Re:Subjective summary is subjective

[TheRaven64]

It, along with the rest of the OpenBSD base system, now compiles with PCC. It also compiles with clang and, last benchmarks I saw, performed better when compiled with clang than with GCC. So, I guess the answer to your question is 'better'.

Re:Subjective summary is subjective

[ftobin]

OpenNTPD does not account for hardware drift, which is what I attempted to describe in my second post. Multiple hits on google for "openntpd hardware drift" support this. Unfortunately the OpenNTPD docs do not say what they don't do with regards to NTPD or chrony, so you don't know what you are missing. Without clock disciplining, all it's really doing is setting the time.

From http://www.advogato.org/person/dtucker/diary.html?start=52

The comment about clock disciplining (compensation for systematic skew or drift) is a fair point, within limits.

From their design goals http://www.openntpd.org/goals.html they are not trying to be as accurate as NTP, which they give as a response to claims of not being as accurate as NTP in the OpenBSD manual (http://www.openbsd.org/faq/faq6.html#OpenNTPDaccurate)

Reach a reasonable accuracy. We are not after the last microseconds.

As someone else has pointed out, given the lack of features that OpenNTPD provides, calling it "NTP" is misleading; it's like calling "telnet" "ssh". It's a step backwards in terms of functionality and accuracy, especially since they don't document up-front what they don't support with regards to what is considered standard.

Re:Subjective summary is subjective

[OttoM]

The advogato [post is outdated. Since them quite a few things changed. Look at the code and the manual page:
ntpd uses the adjtime(2) system call to correct the local system time without causing time jumps. Adjustments of 32ms and greater are logged using syslog(3). The threshold value is chosen to avoid having local clock drift thrash the log files. Should ntpd be started with the -d or -v option, all calls to adjtime(2) will be logged. After the local clock is synchronized, ntpd adjusts the clock frequency using the adjfreq(2) system call to compensate for systematic drift.
Again, for the majority of use cases, OpenNTPD does achieve an accuracy that's good enough and even better than that.

Re:Subjective summary is subjective

[ftobin]

Fair enough that the situation has improved. Do you know if portable OpenNTP has this functionality? I've read in multiple places that only non-portable version has this functionality; only 4.x and above has disciplining, and portable has been at at 3.9 for since 2006.

I still find it disingenuous that OpenNTP uses the NTP name but does not go to any lengths to indicate what they don't support.

Any way one goes about it, I find little reason to look at openntp in contrast to chrony, which is just as simple to setup as OpenNTP, more accurate than NTP, more feature-rich than OpenNTP, and has been around a lot longer.

Re:Subjective summary is subjective

[ftobin]

After doing some research and looking at the manpage for openntpd 3.9, the latest portable release, the manpage does not have the documentation you're referring to, leading me to believe that disciplining is only in later versions that only are applicable to OpenBSD. If having any discussion about the benefits of OpenNTPD it should be made clear that disciplining (a feature I consider crucial) is only available on OpenBSD.

Re:Subjective summary is subjective

[pandrijeczko]

...and AT&T UNIX is responsible for TCP/IP without which OpenSSH, OpenBGPD & OpenNTPD would be irrelevant... bleh bleh bleh...

The clue is in the word "Open" - i.e. open specification so you can compile it on pretty much what you want, even though you may have built it originally on a specific OS.

Jeez, you guys are worse fanbois than that Apple crowd...

Re:Subjective summary is subjective

[pandrijeczko]

PS. Is it true the "BSD" stands for "Big Superiority Disorder"? I thought we free software types were kind of on the same team but you guys have got it *BAD*!

Re:Subjective summary is subjective

[bsDaemon]

TCP/IP, as implemented, is brought to you by BSD. Same with Vi and very many other things. The TCP/IP implementation which won the final DARPA approval was implemented by Bill Joy, mostly by himself (same with the original vi). However, I do agree with you that open standards and specifications are the key.

Re:Subjective summary is subjective

[bsDaemon]

I'm not saying OpenBSD is "the most important" f/oss project, I'm just saying that OpenBSD in terms of the OpenBSD Foundation and all the projects it oversees really deserves a lot more credit than people usually give it. I don't use OpenBSD itself, but I make my living via FreeBSD as I have via Linux in the past. I still value OpenSSH more than pretty much any other free software project besides maybe gcc, and then there are other compilers like clang and pcc that i'm more intrigued by.

Re:Subjective summary is subjective

[ld+a,b]

Still, nontrivial programs only compile in PCC in x86 if nothing has changed as PCC doesn't really work with the old OpenBSD version of GAS for amd64 and other back-ends aren't mature enough.

Clang is great for a C++ app, but some optimizations and deviations from GCC behavior are weird and could create new bugs silently. They did for some of my programs. Many times the optimizations are technically right, relying on undefined behavior, but they still kill without a warning. They helped me to improve my code, but I for one wouldn't like to be an early adopter.

Re:Subjective summary is subjective

[NicM]

It is a volunteer project - there is only one full time developer - and like all such it is a compromise between support and new features, and it happens that at the moment most people prefer doing development rather than maintenance. If everyone was interested in maintenance, OpenBSD releases might have a longer lifetime, but development pace would be considerably slower.

The fact is that as OpenBSD, unlike Linux, does not have large commercial backers, so unless people donate their time and money to work on the things they consider important, it becomes unlikely to happen. Perhaps you would like to donate some of your time to supporting older releases? I can say with some confidence that if you prefer just to complain, most OpenBSD users and developers will care very little for your opinions.

Note that there are commercial organizations providing OpenBSD support if you require it.

I don't know where you get your ideas about poor hardware support, OpenBSD hardware support is not hugely worse than, for example, FreeBSD, and better in some areas.

But I want it now

[MichaelSmith]

Thats how people think these days. They don't care about having the three CDs in their soft shell case. The T shirt probably won't fit (I have a NetBSD shirt which would fit two of me).

So charge for an ISO download. Get'em out the door. Save money on CD burning, etc.

Re:But I want it now

It's the artwork, the posters and the security of an official CD set. These things are collector items. Some of the old versions sell for hundreds of dollars. Just because no one does it this way anymore makes it even more special. In fact, that is the main reason why OpenBSD stands out. They find good ways to do things and stick with it.

Re:But I want it now

[icebraining]

You can choose the TShirt size from S to XXXL. I really hope that some of those sizes fits you :)

Re:But I want it now

[deniable]

What definition are they using? I'm a large 'Made in India,' but an XL/XXL 'Made in China.'

Re:But I want it now

is this still about t-shirts?

Re:But I want it now

[techno-vampire]

And then again, there's SF fandom, where XL is considered medium. Says a lot about how fat some of them are, doesn't it?

Re:But I want it now

[Xipher]

If you want to do it that way you could just donate money and grab the ISO when it's available, or build your own off the stable branch.

Re:But I want it now

So charge for an ISO download.

Can't one just download it and give a donation?

Problem solved.

Re:But I want it now

[aztektum]

(I have a NetBSD shirt which would fit two of me).

Obviously you are not the target audience. I suggest an immediate increase in the consumption of Mtn Dew, Cheetos and pizza, followed by a rigorous session of WoW

Re:But I want it now

[contrapunctus]

I think if you stopped with the first sentence it would have been funny. Adding the second sentence made it mean and trolly.

Re:But I want it now

[evilviper]

You'll get the CDs BEFORE you can download the ISO. That should be sufficient incentive for those who can't wait to pony up some cash.

Re:But I want it now

[techno-vampire]

I'm not fat, but I am involved in SF fandom. Believe me, some of them are very, very fat. And, I must say, they joke about it instead of getting offended if you mention it.

Re:But I want it now

[that+this+is+not+und]

What if I just want the CVS update instead?

Re:But I want it now

[Rhaban]

Does WoW even run on openbsd?

I'd suggest nethack instead. Just bringing back the amulet of Yendor once should be enough for his shirt to fit him.

Re:But I want it now

[the_B0fh]

when you come up with a working model for charging for ISO downloads for an *OPEN SOURCE* project, come back and tell us.

Re:But I want it now

[the_B0fh]

then go do it. You can even run openbsd 4.8 (they just call it -current).

Re:But I want it now

Why would you run proprietary crap? hack is available in base, and a whole deal harder than NetPussy.

It is the most important open source project.

OpenSSH is just a small part of why OpenBSD is so important.

They're basically the only major operating system project that gives a damn about security. Sure, Linux, for instance, is better than Windows when it comes to security. But that's only because Microsoft has fucked up Windows' security so badly.

The OpenBSD developers, on the other hand, are proactive about security. Their coding practices and extensive code reviews prevent bugs and security problems in the first place.

OpenBSD is what you use when you need a system that's secure, stable, and will work for years without being touched. It's excellent for embedded systems, and is excellent for servers. We have some internal OpenBSD servers that haven't been rebooted in six years.

This utmost care permeates the entire OS. It makes it as close as we can get today to "perfect software". The only other project as close to OpenBSD in terms of quality and security is FreeBSD, which benefits a great deal from the code reviews and effort that the OpenBSD devs put in.

Re:It is the most important open source project.

[DAldredge]

What exactly is wrong with Windows Server security?

Re:It is the most important open source project.

What exactly is wrong with Windows Server security?

surely you are joking.

im not the parent, but they said

Sure, Linux, for instance, is better than Windows when it comes to security.

have you seen the statistics on the zombified machines that make up the botnet, in regards to what OSs the vast, vast, vast majority of them are running? now ok, one might say thats not a fair method of polling considering the fact that MS has the majority of the marketshare--- but lets try to see things on both sides here, how about the fact that the last several MS OS's didnt require you to set an administrator password when you installed the OS? i mean, really.....

what really troubles me is that with the amount of money that MS has, and the amount of really skilled and knowledgable people they have working for them, they by all far means should be doing a much, much, much better job at releasing secure OSs. im not some total unix zealot here, i usually end up managing windows based networks just because for most end users, its the most practical solution by far --- but i would never put an essential production server up between my network and the net that was running windows to 'secure' it. no way. no way ever. id (MUCH) rather have a >1ghz socket7 based mobo running freebsd 4.x and iptables with kernel options like tcp.blackhole in between my network and the net any day of the week instead of even the flagship MS Server OS and its top end recommended hardware.

MS does well what MS does well, and that is making OSs that even a not all that knowledgable person can, with some time in reading, and alot of trial and error, make work in a way that is easy to understand even to the not so computer literate person--- and this is where any decent *nix distribution fails.

but what MS does not do well is security. not at all.

Re:It is the most important open source project.

[duane534]

The fact that home users are the ones least knowledgeable to adjust from defaults, the least likely to block ports, the least likely to consider other server options, et al., and Windows Home Server is based on Windows XP.

Re:It is the most important open source project.

[DAldredge]

No Windows Home Server is based on Windows Server 2k3 SP2. Also modern Windows Servers and Clients come with nearly every port blocked by default.

Re:It is the most important open source project.

[DAldredge]

Not that I expect a coherent respond from someone who can't type I'm correctly but here goes. You wrote 3 rather long paragraphs yet still didn't manage to name one Windows Server related security issue, would you like to try again?

Re:It is the most important open source project.

This is the stupidest thing I've read in a while. "Half of it" isn't because people don't understand how to use OpenBSD. If you've used any type of Unices before, you wouldn't find OpenBSD that much different. People don't like going the extra mile to chroot services, setup jails and properly configure things from a top-down perspective. THAT is why OpenBSD isn't popular. Thinking that somehow it's magically safer because nobody uses it is just plain backwards.

Re:It is the most important open source project.

[e9th]

OpenBSD, while is very secure, does owe some, if not a lot, of it's security to security through obscurity.

Security through obscurity? What are you talking about? Name a better documented OS or distro.

New (and not so new) users are well-advised to keep the FAQs bookmarked, but the man pages shipped with the distribution are the most comprehensive I've ever seen. Terse, maybe, but complete, and the developers treat errors/omissions seriously.

Maybe you meant security due to small market share? Don't you think that every wannabe cracker out there wants to make a name for himself by rooting a properly configured OpenBSD box?

Re:It is the most important open source project.

[cheezitman2001]

For what it's worth, I consider myself to be a very adept Windows user, having started on DOS, and I don't have an Admin password in Windows 7. I'm the sole user of this computer, I don't run any shady software, and I don't visit any shady websites. I haven't gotten a virus yet. In the Linux world, the security of the admin account is much more important than it is in Windows, and I don't think there's anything wrong with not setting an admin password in Windows.

Re:It is the most important open source project.

What exactly is wrong with Windows Server security?

Only a fool who has never used OpenBSD would ask such a question.

Re:It is the most important open source project.

[DAldredge]

Why can't anyone actually answer the question I asked?

Re:It is the most important open source project.

OpenBSD servers that haven't been rebooted in six years

Excuse me, but I call bullshit. If you'd like to post a link to a monitor image with the output of "w" or "uptime" it would be a Good Thing. I like OpenBSD as much as the next guy (I'm a FreeBSD person myself) but this sort of nonsense needs to stop. The OpenBSD people themselves would probably tell you to upgrade and screw the uptime. (As an aside, my personal best is 719 days, but I try and keep it under control.)

Re:It is the most important open source project.

Theo, is that you?

Re:It is the most important open source project.

do you know what you're talking about? I'll take a gander and tell you: you're a fucking idiot.

the ability to have an admin in windows without a password is the reason for the security risk *by itself*. It's bad enough that malware and the likes can escalate their own privileges, but now they don't even have to guess the admin password to do so?

In case you're wondering you can do the same things in windows as admin as you can in linux, generally speaking. This means: screw the computer in an instant, rootkit it, etc.

I haven't gotten a virus yet.

is a misnomer. You could (and very likely do) have one, and have no idea, specifically because you have an admin account with no password.

Re:It is the most important open source project.

[duane534]

I stand corrected. Still, however, WHS has the main security issue that XP had: users are all admin by default, as are applications. Just not SUCH a childish-appearing UI. Your common security issues aren't from inbound port scans. I've personally run XP SP3 for months with no antivirus or third-party firewall. No major problems, less you do something excessively stupid like running IE or Outlook Express unrestricted. Problem is, that is what anyone who is running a default installation of Windows prior to Vista is doing. It's generally a moot point, though. Any PC that is new enough to still be running its original power supply can run some incarnation of Windows 7. Any comparable Mac can run Mac OS/X. All of the above can run Linux 2.6. If the only way that a given executable file, including the OS itself, can break something is with user intervention, there is only one word: PEBKAC. Thus, not Microsoft's fault. Neither, Apple's (as much as it pains me). Nor .

Re:It is the most important open source project.

[slimjim8094]

http://www.microsoft.com/technet/security/Bulletin/MS10-006.mspx

That's a month ago. Took about two minutes of searching - like I said, it was a month ago so I didn't have to look backwards very far.

Remote code execution on Server 2k3 (all versions), Windows 7, and Server 2k8. Of course, this presupposes that Windows has SMB (hint: yes)

Or do you not consider remote code execution a security issue?

Look. I don't despise Microsoft like most people around here - just a lukewarm pain-in-my-assness. But let's not go pretending that they don't have more holes than Swiss cheese. If you do, you're either too ignorant to comment, or being delibrately obtuse.

Re:It is the most important open source project.

If you want one thing, how about this one: Long time between disclosures and fixes.

SSL renegotiation is still vulnerable in all Windows versions, something OpenBSD fixed in November last year.

Re:It is the most important open source project.

[randallman]

I quit using Windows a few years ago, but does IIS still run as LocalSystem? At the time I thought it was ridiculous to run IIS for that reason alone.

Re:It is the most important open source project.

Not that I expect a coherent respond from someone who can't type I'm correctly but here goes.

A coherent respond from someone who can't type I'm correctly? That's what she said!

Re:It is the most important open source project.

[CAIMLAS]

but what MS does not do well is security. not at all.

I wouldn't argue against that, not even for a moment.

But despite the myriads of host, application, and server level exploits for Windows, the default security policies, and generally poor network server capabilities, there's one thing that sticks out in my mind: have there been any exploits for Microsoft's RDP implementation yet?

I realize that older versions of Microsoft products aren't able to upgrade to the newer versions, but I've never seen a "Terminal Services Root Exploit" as I have with OpenSSH. Maybe I've just not noticed it (I don't pay attention to MS land), but the tool does seem fairly useful.

Re:It is the most important open source project.

[CAIMLAS]

That's a minor quibble of contention. Seriously. It's barely making note of, unless you can identify how Windows Server 2003 is different than XP (aside from the crippling of Terminal Services and the number of connections allowed). Otherwise, they are pretty much the exact same thing.

Re:It is the most important open source project.

[SgtAaron]

I'll not write as causticly as the AC who also replied, but I'll agree in principal.

One thing that is obvious and well-known is that it doesn't matter that you don't visit "shady" web sites to end up being subject to potential malware infection. Ad companies are letting nasty ads get through whatever controls they have in place. Serious vetting and the talent to implement it costs money, no doubt. I just found this, http://news.cnet.com/8301-27080_3-20000353-245.html

My 7 year old nephew's computer was chronically infested and he played games loaded via IE online. These free games sites have lots of ads. No windows virus scanner I tried could get rid of them. Had to use the Trinity Rescue Kit and ALL of its virus scanners to eliminate the infections on one occasion. I don't trust virus scans in windows much anymore. Oh, btw, they were letting him use an account with admin privs. I'm a years-long linux guy, and it's seriously tiring dealing with this, but I'll hazard a guess that you and others of us here are first responders for family and friends' computer issues, so won't get any sympathy :-)

Anyway, I think common sense applies. You're an experienced computer user, but why not be better safe than sorry? Your computer, your rules, certainly, but why take the chance? You have to make it as hard for the bad guys as possible, zero-day exploits and general windows vulnerabilities as common as they seem to be. I wonder if patch Tuesday will some day start a religion?

Re:It is the most important open source project.

[timmarhy]

the fact that the user can migrate from one system to another without having to relearn the GUI and system management options isn't a fault, it's fucking technical victory linux BSD would do well to learn from.

Re:It is the most important open source project.

[Anne+Thwacks]

Thinking that somehow it's magically safer because nobody uses it is just plain backwards.

Thinking nobody uses it is pretty ignorant too. If you were doing online money transfer or telecomms billing, you would probably use it (I use it for these things).

If you use Windows servers for financial transactions, you may have had a dose too many of "KGB" brand brain-wash (available from spamemrs everywhere).

Re:It is the most important open source project.

Call me when they have security frameworks to protect exploited services. It cool to close all your ports by default and all have a safe kernel but how about some protection against zero-days on real servers.

Re:It is the most important open source project.

[Jaime2]

IIS doesn't really run as any specific user. The packet router, HTTP.sys, runs as LocalSystem. However the thread processing the request changes its security context very early in the request processing to a low priviledged account.

http://www.securityfocus.com/infocus/1765

This was all fixed seven years ago. IIS 6 and later have a pretty decent security record.

Re:It is the most important open source project.

[alexandre_ganso]

Any PC that is new enough to still be running its original power supply can run some incarnation of Windows 7.

You forget the fact that windows 7 screwed with drivers severely. We have seven different generations of computers in my department bought through the last thee years (it were several smaller university departments that were joined together, that's the reason of so many purchases), from 3-year hp desktops to 6-month asus notebooks.

NOT A SINGLE ONE OF THEM has all the drivers required for normal operation. You name it: 512mb radeon video cards which run with no 3d, no network, no wifi (my personal machine had 3 different wireless adapters tested, no go), on the portables not even the sound cards and webcams work! And they don't accept vista drivers either.

Amazingly, on several of those machines, as a joke we tested mac os x hackintosh, just to see how it goes. And the hackintosh performed better out-of-box than windows 7. No need to say that ubuntu recognized everything from the start.

So, we are still on windows XP and vista on the newer notebooks.

Re:It is the most important open source project.

[RichiH]

True, and I applaud them for their efforts, some of which make it back to Linux, etc.

But are they, and I quote, "the most important free software project on the planet"? No.

You are right in what you were saying, but you missed the point of what was being discussed.

Re:It is the most important open source project.

The OpenBSD people themselves would probably tell you to upgrade and screw the uptime.

You can always try wether this one still works :-)

http://www.blahonga.org/~art/diffs/epenis-enlargement.20060210

Re:It is the most important open source project.

Sorry, but that is bullshit. Even if it is the greatest OS on earth that doesn't mean it is the most important open source project. Even if it would be the most important OS that doesn't mean it is the most important open source project.

If you want to argue for it being the most important, then say why it is more important than any other open source project. Not why it is more secure than any other operating system.

In my opinion the Apache web server ranks a lot higher in importance than any OS. Without Apache I probably wouldn't even know of anything other than Windows.

Re:It is the most important open source project.

Well let me see:
-Completely open source: Check
-Free to use in any way: Check
-No binary blobs: Check
-Complete security review of kernel code: Check
-Complete and up-to-date documentation: Check

Lets see Linux now for comparison:
Completely open source: Check
-Free to use in any way: NOT
-No binary blobs: NOT
-Complete security review of kernel code: NOT
-Complete and up-to-date documentation: Dream On

So you mean linux is safe using security through obscurity? Because I don't have access to all pieces of code the OS is running and I have them in OpenBSD. Ignorance is not obscurity, if you think that way you have to apply that concept to all OSS alike because most users don't give a damn of what their running.

Re:It is the most important open source project.

[Pop69]

Probably because there's a limit on the amount you can put in a single post

Re:It is the most important open source project.

[whargoul]

Because everyone on /. is a bunch of open source zealots that would rather bash Windows and its users instead of provide any actual feedback. These are the people representing Linux and FOSS and they wonder why Linux hasn't been widely adopted by the masses...gee, I wonder why. Unfortunately I can't answer your first question due to lack of experience, but I thought your second question at least deserved an actual answer.

Re:It is the most important open source project.

What exactly is wrong with Windows Server security?

Only a fool who has never finger their own asshole like me for fun and excitement would ask such a question.

There, fixed that for ya

Re:It is the most important open source project.

[Sancho]

http://www.milw0rm.com/exploits/7309

Here you go, found with a pretty simple Google search.

Also, incidentally, older versions of RDP were susceptible to man-in-the-middle attacks to grab passwords and inject commands. I think newer versions do some certificate checking to verify the server to which they're connected.

Re:It is the most important open source project.

[CAIMLAS]

Are you saying FreeBSD should look like Windows?

Because for the most part, system management options and the GUI (as well as CLI) remain fairly static. Yes, they improve, but otherwise...

Windows, on the other hand, usually preferences said bling changes to actual useful system changes. See: Aero on Vista.

Re:It is the most important open source project.

[DAldredge]

Sure am glad that Linux and other open source projects never have security holes like that.

Re:It is the most important open source project.

[BrokenHalo]

I haven't gotten a virus yet. In the Linux world, the security of the admin account is much more important than it is in Windows

If you so obviously fail to understand what an admin account is for, and why it must be secured, no matter what kind of system you run, I wouldn't be surprised if you had any number of viruses of which you were completely unaware.

Re:It is the most important open source project.

[BrokenHalo]

If Ubuntu recognised everything from the start, and Windows doesn't, why are you still running Windows?

Re:It is the most important open source project.

[raddan]

OK, taking you seriously for a moment. Scroll down for the "where" and "impact" graphs.

Windows Server 2008

And, because Secunia categorizes each OpenBSD release separately...

OpenBSD 4.4
OpenBSD 4.3
OpenBSD 4.2
OpenBSD 4.1
OpenBSD 4.0

Obviously, the most important one in there is "system access", "from remote". Big difference, no?

Re:It is the most important open source project.

[DAldredge]

In the real world Windows 7 runs nearly every Vista driver so do you want to restate your point?

Re:It is the most important open source project.

[alexandre_ganso]

Yes? Try ati drivers. Try wireless drivers. Try soundcard drivers. That's what I expected, being win7 and vista so close to each other. That's what I had NOT.

Re:It is the most important open source project.

[alexandre_ganso]

Because I cannot. My computer runs ubuntu and mac os. The bosses' ones doesn't. I will not be the one who's gonna try that.

Re:It is the most important open source project.

[DAldredge]

I have for all three - no problems. That you do not tell us which actual devices you claim to have had trouble with harms your argument.

Re:It is the most important open source project.

[alexandre_ganso]

Right from memory I have the Ati Radeon X1300 with 512mb ram. Windows says 3d is out - ati says it is in legacy mode and will not have drivers for win 7.

One of the wireless is a Prism/Javelin one.

I have to find out the others. I'm not in my city now.

Re:It is the most important open source project.

[duane534]

3-year hp desktops to 6-month asus notebooks.

NOT A SINGLE ONE OF THEM has all the drivers required for normal operation... And they don't accept vista drivers either... Amazingly, on several of those machines, as a joke we tested mac os x hackintosh, just to see how it goes. And the hackintosh performed better out-of-box than windows 7. No need to say that ubuntu recognized everything from the start.

I call B.S. First, where and how did you buy an Asus laptop that recently with Windows 7 on it? Second, Ubuntu is not going to load proprietary drivers from the start, anyway. I've used it. I've used all of the above. Worst case scenario, Windows Update will grab the drivers from the Internet. Sound and video has been standardized for years. There are plenty of pros for Linux. Don't get me wrong. But HARDWARE SUPPORT, especially support of WEBCAMS is NOT one of them.

Re:It is the most important open source project.

[duane534]

*without Windows 7 on it

Re:It is the most important open source project.

A big nuisance for me is the reboot to patch, typically every other month. (compared to my openbsd firewall, that hasn't been touched for 1500 days, excepting one reboot)

Re:It is the most important open source project.

[adolf]

I have an ATI X300 in my laptop, which is creeping up on being 5 years old. It works fine in Windows 7, with all the 3D and all the bling, using ATI's "legacy" drivers, which (incidentally) were just updated a few weeks ago.

It also worked fine with Vista drivers, before ATI had an official release supporting 7.

*shrug*

The only conclusion I can draw from all of your banter is that you're either incompetent, prejudiced, or both.

Re:It is the most important open source project.

[alexandre_ganso]

X300 is not the same card as the X1300. My one does not have the "bling". It performs really bad with W7, and refused to have any 3d capability on W7.

The only conclusion I can draw is that your hardware is slightly different of mine. Anyway, I don't care anymore.

Re:It is the most important open source project.

[Elshar]

He probably got one of these: Anus Laptops

I've heard they're a pain in the ass to configure.

Re:It is the most important open source project.

[hey!]

But we aren't talking about Linux. We're talking about OpenBSD, arguably the most security conscious operating system in common use today.

While it wouldn't be accurate to say OpenBSD never has any security holes, it is fair to say that remote exploits are exceedingly rare. Since 1996 there have only been two remote exploits in the default install of OpenBSD. While that is as much due to the fact the default install is more locked down than you're realistically going keep your system, that in itself is a reasonable stance to take if you have a belt-and-suspenders view of security.

If it were all just arrogance, they'd ship an OS with all kinds of stuff turned on that users will "almost always" want, claiming that their code review and API changes made that practice safe.

Re:It is the most important open source project.

[Decker-Mage]

As with you I'm usually the first responder when the malware problems really get out of control for someone and it's not just family. Given that level of experience it should be no surprise that every type of active scripting/content (j/javascript, java, activex, flash, etc. ad nauseum), display of any 'off-site' content, and the like is disabled here by default. My web-proxy rewrites the html code to disable it all, among other things, since this has long been a threat vector well before extensions to disable it came along. There are additional layers of defenses {firewalls, multiple os's, IDS/IPS, extensions, again etc. ad nauseum).

Now, if I should need to enable/display such sites, well, I've been using virtual machines (with secure golden images for backup) for browser appliances since software first appeared on the PC (I was one of VMWare's first testers and long time user of VM's on other platforms). True, this is a bit over-the-top for many people but, basically, I don't trust anyone or anything [by default] and I'm wired up here with extensive monitoring to make sure that I live malware free since it wouldnt do at all to infect a client even though I do this kind of work for free. Hell, I've had to live this way for decades since I used to be responsible for keeping whole fora (libraries) of software and other content malware free on Compu$erve ;-).

I wouldn't be surprised though, in the near future, to see operating systems and other verndors begin to take advantage of the bare-metal hypervisor and application virtualization/streaming capabilities in conjunction with golden images as a primary layer of security. It would also help with running corporate applications/content on personal devices, and vice-versa, as well as the never-ending stream of patches and installation thereof. Short of using (non-rewritable/programmable) ROM, it doesn't get much more secure than that, IMNSHO, and I do love secure.

Re:It is the most important open source project.

[adolf]

Oh. Right.

Yours is newer. Slightly.

I know: Let's blame Microsoft! Ya! It's totally relevant in an article about OpenBSD!

Re:It is the most important open source project.

[alexandre_ganso]

Actually, as most discussion in slashdot, it somehow derived to bashing windows. Which is quite a free pleasure, if you ask me.

Re:It is the most important open source project.

[adolf]

Ah. Prejudiced. I suspected as much.

(Yes, I know. Pot, kettle, black.)

Is ugrading OpenBSD still kind of a mess?

[flydpnkrtn]

See the upgrade guide for upgrading 4.5 to 4.6... it's a 280 line upgrade guide:
http://www.openbsd.org/faq/upgrade46.html
 
...on RedHat and CentOS, to go from RHEL 5.3 to RHEL 5.4 I did "yum -y update". That's it.

Can we get there with OpenBSD? At my current place of employment we were using OpenBSD, but the upgrade process was an argument that was made (by other members of my team) to move to RHEL...

Re:Is ugrading OpenBSD still kind of a mess?

[MichaelSmith]

The BSD projects have a great packaging system but it is only used for layered applications. It could certainly be used for the whole system but I think that defeats the "as simple as possible" approach they try to use.

You can install from source and update with cvs if you want.

Re:Is ugrading OpenBSD still kind of a mess?

[flydpnkrtn]

To follow up on my own post, they have a draft upgrade guide up it looks like (they recommend that it not be used yet though):
http://www.openbsd.org/faq/upgrade47.html

Looks like they include a utility to make life easier when upgrading... looks similar to what Gentoo Linux does when config files are upgraded... new configs are diff'd, and can be interactively merged, etc:
"OpenBSD now includes the sysmerge(8) utility, which helps administrators update configuration files after upgrading their system. Sysmerge(8) compares the current files on your system with the files that would have been installed with a new install, and gives you the option of keeping the old file, installing the new file, or assisting you in the manual merging of the old and new files, using sdiff. For past upgrades, we've presented a list of files that are usually copied over "as-is", and a list of files which should be changed, and a patch file that applies those changes to what might be in those files on your system. You may opt to use sysmerge to make the changes, or you may wish to use the patch file first, and then follow up with a sysmerge session to clean up any loose ends."

So it looks like they're at least making an effort to make it less painful

Re:Is ugrading OpenBSD still kind of a mess?

[BeardedChimp]

This is very disingenuous. The upgrade guide contains all possible contigency plans incase you have altered system files, or have chosen not to upgrade the kernel etc.

For example look at the debian lenny upgrade notes. They are way longer but generally debian based distros are considered some of the best for upgrades.

Re:Is ugrading OpenBSD still kind of a mess?

[flydpnkrtn]

I applaud OpenBSD for having good documentation, but again with Debian I remember just doing "apt-get dist-upgrade" and apt "figuring everything out"

Upgrading OpenBSD still looks to be a very manual process, to me anynway....

Re:Is ugrading OpenBSD still kind of a mess?

[Just+Some+Guy]

The funny thing (to me) is that the upgrade process looks a lot harder than it actually turns out to be. On our servers, it usually amounts to running the installer, running patch to update files in /etc, running a single command to upgrade all the installed 3rd-party software, and rebooting a last time to make sure it comes back up cleanly.

In practice, the things that OpenBSD doesn't automatically upgrade with the above steps are the kinds of things you wouldn't want a script to attempt, such as upgrading the firewall configuration to use new features. The process certainly isn't slick or pretty, but it does the job well and safely.

Re:Is ugrading OpenBSD still kind of a mess?

[orient]

Upgrading OpenBSD is a complicated process, but I was able to complete the upgrade following the instructions step-by-step, without even understanding what every command was doing and why. I never found an OS providing such a correct and exact upgrade guide.

Re:Is ugrading OpenBSD still kind of a mess?

[flydpnkrtn]

Hmm... it's entirely possible you're right. I'm not someone who's been using OpenBSD for years, so I was basing my opinion mostly on what I'd seen in the docs.

The way you put it, the upgrade process doesn't sound that bad

Re:Is ugrading OpenBSD still kind of a mess?

Instead of following all of this guide, which is partly for an upgrade without booting from the installation media, you could boot from the CD and select "upgrade", which takes care of installing the news files, including the kernel, and creates the new device files. You'll still have to update your configuration files, though. But this is mostly less painful. As the syntax of the files seldom changes, I run the diff program on my notebook only every few updates, unless I know that some configuration file needs work.

All in all, the upgrade process of the base system takes perhaps 10 minutes, if you can (or dare to) leave your /etc/ files alone. The packages can then later be updated by a single command, like "pkg_add -vui"

As for the magic of single-line-updates: Over the years each of SuSE, Debian and Ubuntu at least once destroyed some of my configuration files automagically. Gentoo and OpenBSD never did that.

Re:Is ugrading OpenBSD still kind of a mess?

[bertok]

To follow up on my own post, they have a draft upgrade guide up it looks like (they recommend that it not be used yet though):
http://www.openbsd.org/faq/upgrade47.html

Looks like they include a utility to make life easier when upgrading... looks similar to what Gentoo Linux does when config files are upgraded... new configs are diff'd, and can be interactively merged, etc:
"OpenBSD now includes the sysmerge(8) utility, which helps administrators update configuration files after upgrading their system. Sysmerge(8) compares the current files on your system with the files that would have been installed with a new install, and gives you the option of keeping the old file, installing the new file, or assisting you in the manual merging of the old and new files, using sdiff. For past upgrades, we've presented a list of files that are usually copied over "as-is", and a list of files which should be changed, and a patch file that applies those changes to what might be in those files on your system. You may opt to use sysmerge to make the changes, or you may wish to use the patch file first, and then follow up with a sysmerge session to clean up any loose ends."

So it looks like they're at least making an effort to make it less painful

Are you kidding me? The upgrade process is for the administrator to manually merge the configuration files!?!?

And this is the improved version? Wow. Just... wow.

I can't believe people here whine about how the Windows 'registry' is somehow the root of all evil, even though the vast majority of Windows apps (and Windows itself) handle version upgrades automatically.

It's like I've time travelled back to the 70s.

Re:Is ugrading OpenBSD still kind of a mess?

[crazybit]

You never found such OS? You should try CentOS, the whole upgrade guide is just 'yum -y update'. It rarely fails, specially if you never did something dumb like installing libraries from sources or such.

Re:Is ugrading OpenBSD still kind of a mess?

I can't believe people here whine about how the Windows 'registry' is somehow the root of all evil, even though the vast majority of Windows apps (and Windows itself) handle version upgrades automatically.

It's like I've time travelled back to the 70s.

The registry is the root of all evil. For example: Outlook ignores the domain policy which defines the location of the .ost-file. So you have to write a program/script, which modifies the mail profile of every user in the registry to ensure Outlook writes to the right place. And we're not talking about a "normal" plain text string, but obfuscated registry crap which you have to write in a key named like "0234ddfe5edee378".

Re:Is ugrading OpenBSD still kind of a mess?

[orient]

No offence, but I used Fedore once, after two days it upgraded the kernel (automatically, security update), then it could not boot anymore. Never used Fedora/RedHat/CentOS since. *buntu upgrades never worked flawlessly either, though.

Re:Is ugrading OpenBSD still kind of a mess?

[evilviper]

See the upgrade guide for upgrading 4.5 to 4.6... it's a 280 line upgrade guide:
http://www.openbsd.org/faq/upgrade46.html ...on RedHat and CentOS, to go from RHEL 5.3 to RHEL 5.4 I did "yum -y update". That's it.

You can just do the OpenBSD upgrade without reading those instructions... as you did with RHEL.

If you'd actually started to read those instructions, you'd have seen they outline basically all feature changes between the previous and current release. See:

scrub in all no-df max-mss 1440

can be replaced with a rule using the new "match" action:

        match in all scrub (no-df max-mss 1440)

Did the yum upgrade automatically make all necessary syntax changes in all corner cases in your config files to adapt them for the newest versions of the software? Obviously not... You're left to figure those out yourself. If the new version of iptables uses different options for some obscure option, you're screwed. Oh well, guess you should have read the RHEL 5.4 errata, which happens to be SEVERAL THOUSAND LINES http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/Release_Notes/index.html

Re:Is ugrading OpenBSD still kind of a mess?

Your anecdotal data about Fedora does not change the fact that CentOS' "yum -y update" is far easier than anything OpenBSD has.

Re:Is ugrading OpenBSD still kind of a mess?

[CAIMLAS]

Much of how the BSD systems do things is very "clean" in principle, but in practice sucks the tits right off a cow.

It's so goddamn simple and straigh-forward that it requires an administrator to do one (or more, in combination) of the following:

a) devise an atypical, custom build process for dealing with simple systems administration tasks, upgrades, installs (partially due to the 'simple' approaches not working consistently or being all too finessed).
b) writing custom package/kernel/whatever administration scripts in $language (probably csh) to implement $core_function available on $other_os
c) not upgrading, ever. just put a new version on when you get new hardware.

Case in point: package management on FreeBSD. Everyone does it differently, so scripts (or even the 'package' tools they talk to) you used at a previous job are useless (needing a serious rewrite). And then you've got to contend with the 'hacks' someone put into a package to "make it work" every time you upgrade - usually dealing with a non-trivial daemon process failure, or the like.

Re:Is ugrading OpenBSD still kind of a mess?

[Niten]

I agree. The thing generally missed by people who criticize the OpenBSD upgrade process without having actually tried it themselves, is that OpenBSD is so cleanly designed and well documented that it's actually possible to hold a thorough understanding of the operating system in one's head, so to speak. It's like the Arch Linux philosophy:

Relying on complex tools to manage and build your system is going to hurt the end users. [...] "If you try to hide the complexity of the system, you'll end up with a more complex system". Layers of abstraction that serve to hide internals are never a good thing. Instead, the internals should be designed in a way such that they NEED no hiding.

except applied to an entire operating system, built from the ground up and maintained as a cohesive package.

The result of this is that, unlike with Windows or even most Linux distributions, there's little need for automated upgrade utilities because there's really quite little going on under the hood in the upgrade process. This means little chance of things breaking. And if something does break, you'll know precisely what it was and how to fix it.

I've been burned by even the best of the automated upgrade tools (Debian's). Frankly, OpenBSD is the only operating system I ever try to upgrade in place between major versions any more, because the upgrade process is so straightforward and transparent.

Re:Is ugrading OpenBSD still kind of a mess?

So tempted to call troll, but you probably don't know the lack of truth and aren't one.

So you'll say you only used debian stable and the free repositories. No nvidia card, or at least no nvidia card with 3d support--get your system broken every single kernel update--can't even get video to work after the reboot. Oh, and there's three year old bug with the hardware detection that requires an extra reboot that's undocumented and people keep claiming it doesn't exist.

And then there's the old packages, apt-get autoremove is needed. And then there's what happens if you install even *one* bad package and it ends up partial, and you need to rebuild your repository index... I can't even remember the command it was so convoluted.

Then there's the fact that in Debian you're on a kernel nearly a year old most of the time. What's that--you still can't ship me a system that will let me watch hulu on an AMD64? Oh, I need non-free and more contrib. Oh...yeah, your special version of flash won't let me act normally.

Oh, no 64 bit thunderbird either, or if I can get it, I have to recompile to load enigmail extensions.

What's that you say, don't use 64 bit? And I need to manually specify an SMP kernel to get my multi core to work? Oh, you fixed that. But now I need to manually specify PAE in order to address all of my RAM...

And this won't persist across the last distribution upgrade I did...

Look--Debian doesn't work. Sure, it's great, it's easy. If I want to live in the stoneage of computing. Otherwise, it's customize, tweak, install, look up community hacks, and have them all break horribly every upgrade.

Thanks, I'll stick with the manual process--at least they indicate the parts I should try to understand in advance, instead of dying silently and kicking me back to a shell.

Re:Is ugrading OpenBSD still kind of a mess?

[Magic5Ball]

Yes. Something dumb like using taking advantage of the "open" part of open software to do something the software publisher had not explicitly approved.

Re:Is ugrading OpenBSD still kind of a mess?

[thunrida]

RHEL 5.3 to 5.4 is just artificial patch release. Kind of like service packs with windows. It is trivial to update, when all the programs stay at the same version and config files stay the same. We shall see how easy it will be going from 5.x to 6.x, for this won't be update like 5.x to 5.x+1, but upgrade.

Re:Is ugrading OpenBSD still kind of a mess?

What you do upgrades on production machines like that? No wonder you moved to linux.
Sometimes some functionality is missing on purpose, however in this case it was just low priority, as the argument was moot compared to upgrade strategies that do not damage availability.

Re:Is ugrading OpenBSD still kind of a mess?

You are confusing updates with upgrades.

- OpenBSD release versions are marked differently then RHEL. OpenBSD 4.x is a major release whilst RHEL 5.x is an update aka minor release.
- OpenBSD makes it possible to upgrade your box with to a *ANY* major release, RHEL/CentOS only allows updating to a new minor release. Try yum updating your RHEL4 box to RHEL5... won't work bro.
- Your manager should replace you with somebody that can actually RTFM and interpret facts correctly if that was your only argument to move over to a new platform (migration costs, costs of rewriting system management procedures etc)

Stop spreading FUD about OpenBSD.

Re:Is ugrading OpenBSD still kind of a mess?

[Byzantine]

I think the OpenBSD regards "rarely" as too often. Hence the level of documentation.

Re:Is ugrading OpenBSD still kind of a mess?

[TheRaven64]

Read the bits in bold teletype font. Those are the commands that you need to run. The rest of it is an explanation of what has changed since the last release and how it may affect you. Note also that those are the instructions for remote upgrading. If you have physical access to the machine, just boot from the install kernel + initrd and follow the on-screen instructions.

That said, I'd love it if they'd port the freebsd-update tool. Updating an OpenBSD machine remotely does take a few minutes of interaction, while doing the same with FreeBSD is largely unattended. They also no longer provide package updates as binaries for security fixes and don't have any equivalent of FreeBSD's portaudit tool, which offsets a lot of their 'secure by default' stuff.

Re:Is ugrading OpenBSD still kind of a mess?

Looks like they include a utility to make life easier when upgrading... looks similar to what Gentoo Linux does when config files are upgraded... new configs are diff'd, and can be interactively merged, etc:

Which in turn is a copy of FreeBSD's utility.

Re:Is ugrading OpenBSD still kind of a mess?

[Noryungi]

Yeah, right.
Here is MY OpenBSD upgrade guide:
1) insert CD, select (U)pgrade.
2) once upgrade is finished, enter, as root: "pkg_add -vvv -u -F upgrade"
That's it. I have used this for at least the past 5 upgrades.
You obviously have no idea what you are talking about.

Re:Is ugrading OpenBSD still kind of a mess?

[awyeah]

FreeBSD in-place upgrades are also very smooth. They have been for as long as I've been using it (since 2.2.5-RELEASE, if I recall correctly). Occasionally, the mergemaster gets a little confusing (there are a lot of config files)... and once in a while I've accidentally replaced a config file I didn't want to... but other than that. :)

Re:Is ugrading OpenBSD still kind of a mess?

[pandrijeczko]

With Gentoo Linux I just do:

emerge --sync && emerge -vuDN world

All done on rolling upgrades, no need to sit in and wait for that new CD in the post.

Re:Is ugrading OpenBSD still kind of a mess?

[Noryungi]

If you like Gentoo better than OpenBSD, all the more power to you.

But don't come and tell me that upgrading OpenBSD is a mess, because it is clearly not. It may be different from Gentoo, but it's not a mess.

And I strongly suspect it is much faster than upgrading Gentoo, but I haven't used Gentoo in a very long time, so I may be mistaken.

Re:Is ugrading OpenBSD still kind of a mess?

[pandrijeczko]

I've used OpenBSD so rarely that I wouldn't deign to offer an opinion on it - I was merely responding to the comments about upgrading Linux.

Is BSD a mess? As above, I've no idea - I just don't like using any OS with pre-built binaries, even Linux, because I don't feel I'm getting the best optimised OS for my hardware. Gentoo compiles everything from source when you update it, and you set dependencies with "USE" flags. It's not perfect all of the time but having gone through Linux From Scratch, Gentoo has been the "happy medium" for me now for about 5 years.

I don't use really old hardware, I just don't use the latest hardware, so for me Gentoo does compile quite fast - however, compiling, say, the latest version of OpenOffice can be an "overnight" job. So, yes, you spend some time updating it, I just have a few machines at home so if one is updating itself then I'm working on another.

Re:Is ugrading OpenBSD still kind of a mess?

I have used OpenBSD for the last 10 releases i.e. 5 years of releases on servers and desktop.
I can't remember any time, when not the only thing I had to do during upgrade was to;
1. Run the install CD and choose "Upgrade".
2. Run "pkg_add -ui -F update -F updatedepends" to upgrade all install packages.

The number of lines in the upgrade guide is just a sign of how focused on correctness and detail these guys are.
Every possible problem in the standard tools during upgrade are mentioned!

I believe this is the simplest, most secure and robust OS available. My servers just run for years without ever needing any maintenance. I never compile custom versions of the kernel and always use binary packages.

/ Peter

Re:Is ugrading OpenBSD still kind of a mess?

Agree. I have used OpenBSD for the last 10 releases i.e. 5 years of releases on servers and later on desktop.
I can't remember any time, when not the only thing I had to do during upgrade was to;
1. Run the install CD and choose "Upgrade".
2. Run "pkg_add -ui -F update -F updatedepends" to upgrade all install packages.

The number of lines in the upgrade guide is just a sign of how focused on correctness and detail these guys are.
Every possible problem in the base tools during upgrade are mentioned!

I believe this is the simplest, most secure and robust OS available. My servers just run for years without ever needing any maintenance due to failure or attacks. I never compile custom versions of the kernel and always use binary packages.

/ Peter

They focused on Security to distinguish themselves

[doodlebumm]

I have great respect for the OpenBSD folks. Their focus on security was a result of needing to distinguish themselves in the free marketplace. Back in the late 90's it was necessary to focus on something to keep from being lost in the fray. I don't believe it was their altruism that pushed them to that focus as much as they had some good expertise and made the most of it for marketing. Like I said, I have great respect for them, but let's not put them up on a pedestal that is too high. They have made some security mistakes in the past, and they've fixed them pretty well, too. They are human just like the rest of us.

So tell me...

What advantages does this operating system have over say, a train, which I could also easily afford?

Re:So tell me...

[Anne+Thwacks]

You can get it, install it and have it - and all the applications you are likely to need - running in 40 minutes, for nothing! (on a 450MHz processor), and quite possibly need only another 40 minutes maintenance, with no reboots, in the next two years. Any scripts you write will probably run on future versions for the next 10 years without modification. It is by far the lowest maintenqance infrastructure you can get in the long term

Obviously for a commercial webserrver, not a domestic workstation.

Disclaimer: Yes, I have done this myself. I have used BSD since 1980, and OpenBSD since it was first released. Mostly on sparc/sparc64 hardware.

Re:So tell me...

[neural.disruption]

I'm currently using OpenBSD on a 233mhz pentium mmx with 64megs of ram, with X running. You know why? Because most"lightweight" linux distro would not even run the installation right (have you ever tried to use a livecd with 64megs? why the hell would I want a livecd for old computers with low specifications? Oh wait there is no text install...).

Apart from deli linux and fluxbuntu(that is strangely more lightweight than damn small linux) that were kind of slow.

Re:So tell me...

[pandrijeczko]

Ahem!

Puppy Linux has a minimum Pentium 166 CPU spec and will run in 64MB up to release 1.0.2.

Re:So tell me...

http://polishlinux.org/choose/comparison/?distro1=NetBSD&distro2=OpenBSD

Current unmodified releases of NetBSD and OpenBSD work on old computers.

Re:So tell me...

Yes, and also have text installation, that works out of the box and installs in less than 1 hour.

Do you read your own sources?

[Mathinker]

If you would like to better understand security through obscurity

"Security through obscurity" is a "term of art" in the security field, and for sure you're wrong when you say

That means that part of the power of the system is a lack of users having a solid knowledge of the OS and it's finer details.

The particular demographics which you claim exist are not, as you point out, caused by an attempt to use secrecy of design or implementation to increase security (as the WP article you linked to explains is the meaning of "security through obscurity").

Re:They focused on Security to distinguish themsel

[Plunky]

Heh, flamebait it is not.. seems that some openbsd fanboy has modpoints today :)

Because there isn't any

Because you are a troll for throwing up that question to which you know the answer to: there isn't any

Oh, really?

[RichiH]

You could write an alternative to OpenSSH faster than you could write an alternative to the Linux kernel.

Of course, I gloss over pretty much every detail, but so do you.

Um...who buys CDs anymore?

[hackel]

Seriously! Even for commercial products don't people purchase them electronically? Maybe I'm just so far-removed from the commercial software world that I can't even comprehend this in this day and age... I did order a free Ubuntu CD once, but never even ended up using it because Ubuntu releases so often that there's almost always a newer version the next time you want to install it, and downloading via bittorrent is so fast. Of course I understand for those unlucky folk who are living in the middle of nowhere on a analogue or satellite connection or something, but seems this market is rather small.

Re:Um...who buys CDs anymore?

[NicM]

Of course you can order a CD and then download. Buying a CD is a way of supporting the project, not just an installation mechanism.

Re:Um...who buys CDs anymore?

[hackel]

Hmm, I know the cost is minor, but I'm sure it really adds up in aggregate. It's a real waste to spend money on printing and shipping a CD if you don't even need it. I think a regular, old donation is much better in this case.

pf rulesets might need rewriting

[nuckfuts]

I wouldn't characterize it as a "mess", but I do notice there are some changes to to pf rules syntax, so some rewriting of your firewall rules might be required.

I've been using OpenBSD since around 2.7. I've come to really trust the judgment of the developers in general, and the pf developers in particular. I've yet to see them break backwards compatibility without good reason.

Re:They focused on Security to distinguish themsel

[epine]

Their focus on security was a result of needing to distinguish themselves in the free marketplace.

Ah, so that's how the practice of corporal mortification first originated. Crowded marketplace and all. In the modern guise, carborundum Kevlar asbestos underpants.

You can tell a lot about a software developer by whether the developer considers features a liability or an asset, and how much bad is accepted along with the good. I can hardly think of a line of work one is less likely to "stumble into" for lack of any other obvious way to distinguish oneself. Sure, anyone out there can toss these off:

D. J. Bernstein / Papers

For recreation, he writes up Putnam competition solution sets.

Security researchers as a clan seem to share a taste for mortification culture. Half the time, DJB writes likes he's either wearing a hair shirt or knitting one. Anyone else witnessed his epic rant "Var is my hair shirt"?

Oh, and along with specializing in the warm Caribbean waters of security research, we'll go ten years without missing a biannual ship date, since we're casting about for anything trivial to up the flag pole.

I once had a math-geek acquaintance with underdeveloped social skills who decided to balance the equation by becoming an avid sky diver. Last I spoke to him about this, long ago, he had by some miracle survived 80 dives, and a few close calls, including once with his arm tangled in his main which was fluttering above him like a limp condom. Before he decided to risk tangling his reserve, it caught some air and he descended hanging by a partially dislocated arm.

I once asked him what's the difference between the main and the reserve, aside from the basic fact that it's smaller and tends to lead to a hard landing (which probably feels soft as butter until the adrenaline wears off).

His answer: you need extra certification to pack a reserve, and the one or two people at each club who do this (more often that you'd like to think) are almost always close to sober.

There's a lot of people in the Linux camp who seem to reason along the lines that "if it doesn't get used much, it shouldn't exist". Which translates in my metaphor to death by popularity.