OpenBSD 4.7 Preorders Are Up

← Back to Stories (view on slashdot.org)

Posted by timothy on Saturday March 13, 2010 @01:07PM from the so-you're-in-favor-then? dept.

badger.foo writes "The OpenBSD 4.7 pre-orders are up. That means the release is done, sent off to CD production, and snapshots will turn -current again. Order now and you more likely than not will have your CD set, T-shirt or other cool stuff before the official release date. You get the chance to support the most important free software project on the planet, and get your hands on some cool playables and wearables early. The release page is still being filled in, but the changelog has detailed information about the goodies in this release."

28 of 191 comments (clear)

Min score:

Reason:

Sort:

Most important free software project? by Tiger4 · 2010-03-13 13:15 · Score: 3, Funny

Just begging for it aren't you?
Prepare for incoming!!

--
Behold, this dreamer cometh. Come now, and let us slay him... and we shall see what will become of his dreams.
1. Re:Most important free software project? by Jose · 2010-03-13 13:30 · Score: 2, Funny
  
  pffft! don't you read the Financial Post? it has been screaming about Rely on the BSDs for a while...
  
  --
  The basic sleazeware produced in a drunken fury by a bunch of UCBerkeley grad students was still the core of BIND. --PV
2. Re:Most important free software project? by tzanger · 2010-03-13 13:44 · Score: 4, Insightful
  
  Just because they created OpenSSH doesn't mean the OS is the most important open source project on the planet.
3. Re:Most important free software project? by evilviper · 2010-03-13 18:15 · Score: 3, Informative
  
  Just because they created OpenSSH doesn't mean the OS is the most important open source project on the planet.
  OpenSSH was a huge improvement in the security of networks the world over, but it's not at all the only thing OpenBSD has contributed to the world.
  Certainly, OpenBSD's development of W^X security led to Microsoft doing the same, and Intel/AMD including instructions to make this easier...
  OpenBSD's focus on code correctness and licensing has caused them to lead, and have Linux and other BSDs follow... They announced their dropping of Xfree86 in favor of Xorg before anyone else, and very soon after Xfree86 was no longer found on any OSes. Their objections over the performance, code complexity, and licensing of GCC4 led to them pushing alternative compilers forward, and other projects (like FreeBSD) followed suit, pushing hard to move their favored alternative compilers forward.
  There's many more, but you'll have to wait for someone else to come up with a list...
  
  --
  Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
4. Re:Most important free software project? by TheRaven64 · 2010-03-14 02:27 · Score: 3, Informative
  
  Please stop repeating nonsense.
  Darwin is a member of the BSD family. The XNU kernel originally was a single server Mach microkenel running a 4BSD kernel. The Mach components are now reduced and most of the kernel code is either from FreeBSD or from Apple, but it's as much of a BSD descendent as OpenBSD. The Mach part of the kernel manages threads and memory, nothing else. The UNIX process model, all UNIX system calls, SysV and POSIX IPC, the networking stack, and so on all run in the BSD server. On OS X, unlike some earlier Mach systems, the BSD server lives in the kernel's address space and accounts for most of the ring-0 code that an OS X system is running.
  On top of the XNU kernel, Darwin has a userland that gets a lot from FreeBSD, but some things from other sources. The init system is Launchd, which is a home-grown Apple system (now open sourced). The libc is from FreeBSD, but quite modified. The libstdc++, standard shell, and a couple of other things are from the GNU project.
  OS X is Darwin with a lot of proprietary stuff on top (the audio stack and windowing system, for example).
  
  --
  I am TheRaven on Soylent News
But I want it now by MichaelSmith · 2010-03-13 13:22 · Score: 3, Insightful

Thats how people think these days. They don't care about having the three CDs in their soft shell case. The T shirt probably won't fit (I have a NetBSD shirt which would fit two of me).
So charge for an ISO download. Get'em out the door. Save money on CD burning, etc.

--
http://michaelsmith.id.au
1. Re:But I want it now by Anonymous Coward · 2010-03-13 13:43 · Score: 5, Funny
  
  is this still about t-shirts?
It is the most important open source project. by Anonymous Coward · 2010-03-13 13:58 · Score: 3, Insightful

OpenSSH is just a small part of why OpenBSD is so important.
They're basically the only major operating system project that gives a damn about security. Sure, Linux, for instance, is better than Windows when it comes to security. But that's only because Microsoft has fucked up Windows' security so badly.
The OpenBSD developers, on the other hand, are proactive about security. Their coding practices and extensive code reviews prevent bugs and security problems in the first place.
OpenBSD is what you use when you need a system that's secure, stable, and will work for years without being touched. It's excellent for embedded systems, and is excellent for servers. We have some internal OpenBSD servers that haven't been rebooted in six years.
This utmost care permeates the entire OS. It makes it as close as we can get today to "perfect software". The only other project as close to OpenBSD in terms of quality and security is FreeBSD, which benefits a great deal from the code reviews and effort that the OpenBSD devs put in.
1. Re:It is the most important open source project. by DAldredge · 2010-03-13 14:44 · Score: 2, Insightful
  
  What exactly is wrong with Windows Server security?
2. Re:It is the most important open source project. by e9th · 2010-03-13 16:18 · Score: 5, Insightful
  
  OpenBSD, while is very secure, does owe some, if not a lot, of it's security to security through obscurity.
  Security through obscurity? What are you talking about? Name a better documented OS or distro.
  
  New (and not so new) users are well-advised to keep the FAQs bookmarked, but the man pages shipped with the distribution are the most comprehensive I've ever seen. Terse, maybe, but complete, and the developers treat errors/omissions seriously.
  
  Maybe you meant security due to small market share? Don't you think that every wannabe cracker out there wants to make a name for himself by rooting a properly configured OpenBSD box?
3. Re:It is the most important open source project. by DAldredge · 2010-03-13 16:52 · Score: 2, Interesting
  
  Why can't anyone actually answer the question I asked?
4. Re:It is the most important open source project. by slimjim8094 · 2010-03-13 17:36 · Score: 5, Insightful
  
  http://www.microsoft.com/technet/security/Bulletin/MS10-006.mspx
  That's a month ago. Took about two minutes of searching - like I said, it was a month ago so I didn't have to look backwards very far.
  Remote code execution on Server 2k3 (all versions), Windows 7, and Server 2k8. Of course, this presupposes that Windows has SMB (hint: yes)
  Or do you not consider remote code execution a security issue?
  Look. I don't despise Microsoft like most people around here - just a lukewarm pain-in-my-assness. But let's not go pretending that they don't have more holes than Swiss cheese. If you do, you're either too ignorant to comment, or being delibrately obtuse.
  
  --
  I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
5. Re:It is the most important open source project. by CAIMLAS · 2010-03-13 18:54 · Score: 2, Interesting
  
  but what MS does not do well is security. not at all.
  I wouldn't argue against that, not even for a moment.
  But despite the myriads of host, application, and server level exploits for Windows, the default security policies, and generally poor network server capabilities, there's one thing that sticks out in my mind: have there been any exploits for Microsoft's RDP implementation yet?
  I realize that older versions of Microsoft products aren't able to upgrade to the newer versions, but I've never seen a "Terminal Services Root Exploit" as I have with OpenSSH. Maybe I've just not noticed it (I don't pay attention to MS land), but the tool does seem fairly useful.
  
  --
  ~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
6. Re:It is the most important open source project. by Jaime2 · 2010-03-13 22:33 · Score: 3, Informative
  
  IIS doesn't really run as any specific user. The packet router, HTTP.sys, runs as LocalSystem. However the thread processing the request changes its security context very early in the request processing to a low priviledged account.
  
  http://www.securityfocus.com/infocus/1765
  
  This was all fixed seven years ago. IIS 6 and later have a pretty decent security record.
7. Re:It is the most important open source project. by alexandre_ganso · 2010-03-13 23:02 · Score: 3, Interesting
  
  Any PC that is new enough to still be running its original power supply can run some incarnation of Windows 7.
  You forget the fact that windows 7 screwed with drivers severely. We have seven different generations of computers in my department bought through the last thee years (it were several smaller university departments that were joined together, that's the reason of so many purchases), from 3-year hp desktops to 6-month asus notebooks.
  NOT A SINGLE ONE OF THEM has all the drivers required for normal operation. You name it: 512mb radeon video cards which run with no 3d, no network, no wifi (my personal machine had 3 different wireless adapters tested, no go), on the portables not even the sound cards and webcams work! And they don't accept vista drivers either.
  Amazingly, on several of those machines, as a joke we tested mac os x hackintosh, just to see how it goes. And the hackintosh performed better out-of-box than windows 7. No need to say that ubuntu recognized everything from the start.
  So, we are still on windows XP and vista on the newer notebooks.
Re:Subjective summary is subjective by bsDaemon · 2010-03-13 14:01 · Score: 4, Informative

OpenBSD is also responsible for, among other things, OpenSSH, OpenBGPD, and OpenNTPD -- all three of which are widely adopted and used far, far beyond the sphere of influence of even OpenBSD itself. OpenSSH accounts for some 90% of all SSH deployments world-wide. Whether you know it or not, OpenBSD-related software enables quit a bit of the internet infrastructure.
Is ugrading OpenBSD still kind of a mess? by flydpnkrtn · 2010-03-13 14:20 · Score: 3, Interesting

See the upgrade guide for upgrading 4.5 to 4.6... it's a 280 line upgrade guide:
http://www.openbsd.org/faq/upgrade46.html

...on RedHat and CentOS, to go from RHEL 5.3 to RHEL 5.4 I did "yum -y update". That's it.
Can we get there with OpenBSD? At my current place of employment we were using OpenBSD, but the upgrade process was an argument that was made (by other members of my team) to move to RHEL...

--
Here's to the crazy ones
1. Re:Is ugrading OpenBSD still kind of a mess? by MichaelSmith · 2010-03-13 14:28 · Score: 2
  
  The BSD projects have a great packaging system but it is only used for layered applications. It could certainly be used for the whole system but I think that defeats the "as simple as possible" approach they try to use.
  You can install from source and update with cvs if you want.
  
  --
  http://michaelsmith.id.au
2. Re:Is ugrading OpenBSD still kind of a mess? by flydpnkrtn · 2010-03-13 14:31 · Score: 4, Informative
  
  To follow up on my own post, they have a draft upgrade guide up it looks like (they recommend that it not be used yet though):
  http://www.openbsd.org/faq/upgrade47.html
  Looks like they include a utility to make life easier when upgrading... looks similar to what Gentoo Linux does when config files are upgraded... new configs are diff'd, and can be interactively merged, etc:
  "OpenBSD now includes the sysmerge(8) utility, which helps administrators update configuration files after upgrading their system. Sysmerge(8) compares the current files on your system with the files that would have been installed with a new install, and gives you the option of keeping the old file, installing the new file, or assisting you in the manual merging of the old and new files, using sdiff. For past upgrades, we've presented a list of files that are usually copied over "as-is", and a list of files which should be changed, and a patch file that applies those changes to what might be in those files on your system. You may opt to use sysmerge to make the changes, or you may wish to use the patch file first, and then follow up with a sysmerge session to clean up any loose ends."
  So it looks like they're at least making an effort to make it less painful
  
  --
  Here's to the crazy ones
3. Re:Is ugrading OpenBSD still kind of a mess? by BeardedChimp · 2010-03-13 14:32 · Score: 2, Informative
  
  This is very disingenuous. The upgrade guide contains all possible contigency plans incase you have altered system files, or have chosen not to upgrade the kernel etc.
  
  For example look at the debian lenny upgrade notes. They are way longer but generally debian based distros are considered some of the best for upgrades.
4. Re:Is ugrading OpenBSD still kind of a mess? by Just+Some+Guy · 2010-03-13 14:46 · Score: 4, Informative
  
  The funny thing (to me) is that the upgrade process looks a lot harder than it actually turns out to be. On our servers, it usually amounts to running the installer, running patch to update files in /etc, running a single command to upgrade all the installed 3rd-party software, and rebooting a last time to make sure it comes back up cleanly.
  In practice, the things that OpenBSD doesn't automatically upgrade with the above steps are the kinds of things you wouldn't want a script to attempt, such as upgrading the firewall configuration to use new features. The process certainly isn't slick or pretty, but it does the job well and safely.
  
  --
  Dewey, what part of this looks like authorities should be involved?
5. Re:Is ugrading OpenBSD still kind of a mess? by evilviper · 2010-03-13 17:36 · Score: 3, Informative
  
  See the upgrade guide for upgrading 4.5 to 4.6... it's a 280 line upgrade guide:
  http://www.openbsd.org/faq/upgrade46.html ...on RedHat and CentOS, to go from RHEL 5.3 to RHEL 5.4 I did "yum -y update". That's it.
  You can just do the OpenBSD upgrade without reading those instructions... as you did with RHEL.
  If you'd actually started to read those instructions, you'd have seen they outline basically all feature changes between the previous and current release. See:
  
  scrub in all no-df max-mss 1440
  can be replaced with a rule using the new "match" action:
  match in all scrub (no-df max-mss 1440)
  Did the yum upgrade automatically make all necessary syntax changes in all corner cases in your config files to adapt them for the newest versions of the software? Obviously not... You're left to figure those out yourself. If the new version of iptables uses different options for some obscure option, you're screwed. Oh well, guess you should have read the RHEL 5.4 errata, which happens to be SEVERAL THOUSAND LINES http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/Release_Notes/index.html
  
  --
  Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
They focused on Security to distinguish themselves by doodlebumm · 2010-03-13 15:11 · Score: 2, Interesting

I have great respect for the OpenBSD folks. Their focus on security was a result of needing to distinguish themselves in the free marketplace. Back in the late 90's it was necessary to focus on something to keep from being lost in the fray. I don't believe it was their altruism that pushed them to that focus as much as they had some good expertise and made the most of it for marketing. Like I said, I have great respect for them, but let's not put them up on a pedestal that is too high. They have made some security mistakes in the past, and they've fixed them pretty well, too. They are human just like the rest of us.
Re:Subjective summary is subjective by onefriedrice · 2010-03-13 16:55 · Score: 2, Insightful

As good as the Linux kernel is, there are viable replacements with arguably better licensing terms. On the other hand, the likes of OpenSSH are so good (and so widely used) that most people couldn't name a single ssh alternative.

--
This author takes full ownership and responsibility for the unpopular opinions outlined above.
Re:Subjective summary is subjective by MrNaz · 2010-03-13 16:57 · Score: 2, Insightful

11 words.
The Linux kernel would not be securely accessible remotely without OpenSSH.

--
I hate printers.
Re:Subjective summary is subjective by OttoM · 2010-03-13 19:23 · Score: 3, Informative

Not true. It is simple, but it does slewing and rules out bad servers etc.
Re:Subjective summary is subjective by timmarhy · 2010-03-13 21:14 · Score: 3, Informative

because after 2 releases they stop making security updates. other OS's go a hell of a lot longer before they EOL their releases.
i've had this arguement with openbsd people before. what it comes down to is openbsd is their toy and they like constantly updating rather then doing mundaine shit like patching old versions.
all well and good, it's their project they can do as they please, but don't pretend that it's a superior server OS, because it simply doesn't cut it if you don't have patch support after just 12 months. there's plenty of secure systems with more features and longer EOL's that make openbsd more trouble then it's worth.

--
If you mod me down, I will become more powerful than you can imagine....
Re:Subjective summary is subjective by TheRaven64 · 2010-03-14 02:31 · Score: 2, Interesting

It, along with the rest of the OpenBSD base system, now compiles with PCC. It also compiles with clang and, last benchmarks I saw, performed better when compiled with clang than with GCC. So, I guess the answer to your question is 'better'.

--
I am TheRaven on Soylent News