Slashdot Mirror

← Back to Stories (view on slashdot.org)

OpenBSD 4.7 Released

Posted by timothy on from the inexorable-and-dedicated dept.

An anonymous reader writes "The release of OpenBSD 4.7 was announced today. Included in this release are support for more wireless cards, the loongson platform, pf improvements, many midlayer filesystem improvements including a new dynamic buffer cache, dynamic VFS name cache rewrite and NFS client stability fixes, routing daemon improvements including the new MPLS label distribution protocol daemon (ldpd) and over 5,800 packages. Please help support the project by ordering your copy today!"

143 comments

  1. Yeah, so... by Anonymous Coward · · Score: -1, Troll

    What is the release song called? Is Theo still an obnoxious little shit?

  2. The Insecurity of OpenBSD by Torino · · Score: 1, Interesting
    This is the story Slashdot should have included to run.

    The insecurity of OpenBSD

    A criticism of the OpenBSD security philosophy is performed, along with an examination of the claims made regarding the project. In particular their rejection of any advanced access control framework is examined. A well researched and well written article, followed by over 200 comments that are also worth reading.

    1. Re:The Insecurity of OpenBSD by Jorl17 · · Score: 0

      I think this should be modded up. It isn't criticism, it's looking inside a system -- thinking about it, analyzing it and attempting to improve it.

      --
      Have you heard about SoylentNews?
    2. Re:The Insecurity of OpenBSD by Torino · · Score: 0

      How is this Flamebait? It is an interesting article, and I would like to see it discussed. Don't be put of the title, it is not saying OpenBSD is insecure.

    3. Re:The Insecurity of OpenBSD by Anonymous Coward · · Score: -1, Troll

      I like how you link to the osnews stub rather than the actual article in a pathetic effort to cover up the fact that it's a nonsensical blog post by a moron (probably you).

    4. Re:The Insecurity of OpenBSD by bhima · · Score: 4, Informative

      Oh come on now... The title is inflammatory and tone is combative. Unsurprisingly the discussion at guy's blog degenerates pretty quickly.

      I don't really disagree with most of his central points: Secure by default isn't really useful to most people; OpenBSD needs more security features than older UNIX ones; and the OpenBSD team does themselves a huge disservice with their "not invented here" syndrome... But really the whole thing could be been written with a more professional tone and fostered a lot more constructive discussion.

      --
      Nothing in the world is more dangerous than sincere ignorance and conscientious stupidity.
    5. Re:The Insecurity of OpenBSD by DrSkwid · · Score: 0

      Isn't giving a critique the definition of critisism ?

      --
      There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
    6. Re:The Insecurity of OpenBSD by Torino · · Score: 2, Interesting
      I don't think the title is inflamatory despite the fact it will inevitably be taken that way.

      He is talking about what prevents OpenBSD from being a secure system for the points you mention.

      I found the discussion on the blog quite interesting aside from the insults, which are a minority

    7. Re:The Insecurity of OpenBSD by John+Saffran · · Score: 1

      The direct link for what's it worth: http://allthatiswrong.wordpress.com/2010/01/20/the-insecurity-of-openbsd/

    8. Re:The Insecurity of OpenBSD by magellanic · · Score: 1

      That article has been posted several times on *BSD mailing lists and is hardly relevant to the release of a new version.

      I wonder if an article criticizing the security of Slashdot's darling OS, Linux, would receive such positive moderation on a release story.

    9. Re:The Insecurity of OpenBSD by Anonymous Coward · · Score: 0

      The interesting thing about this article is that it calls out many of the OpenBSD developers in the comments. After pointing out the holes in the anonymous author's article, they point out the features that make OBSD more secure. You could condense the article into "I want you to include what I want" and the replies into "show us some code, we have thought a lot of this through, and it make sense, choose it if you like". Me, I run a busy name server for a university on OpenBSD, and have for 10 years. Some times it stayed up for 900 days, meaning I didn't continually update the o/s, because it ran rock solid. Now, I update more often, but I don't worry about the security of the system. It Rocks!

    10. Re:The Insecurity of OpenBSD by Torino · · Score: 1
      Slashdot regularly runs stories criticizing Linux's security,

      For some reason they refused to run this one, so I thought it would be good to draw attention to it on a related story.

    11. Re:The Insecurity of OpenBSD by Lunix+Nutcase · · Score: 1

      Slashdot regularly runs stories criticizing Linux's security,

      So they regularly run such stories and yet not a single one appears after going back more than a month through the Linux section?

    12. Re:The Insecurity of OpenBSD by Anonymous Coward · · Score: 0

      It's kind of pointless to criticize lunix; the result is always the same: "but windows is worse!"

    13. Re:The Insecurity of OpenBSD by rivaldufus · · Score: 4, Insightful

      Perhaps every Ubuntu release story should have a link to a site titled "The Unusability of Ubuntu." Seems fair, doesn't it? The article would necessarily have to be negative... title non-withstanding. Slashdot has turned seriously hostile to non-Linux open source operating systems. I'm not sure why. I've even heard people here use the classic, "nobody uses it, so it must be bad" argument - the same one Windows users make about Linux.

    14. Re:The Insecurity of OpenBSD by magellanic · · Score: 2, Interesting

      Maybe if the article had any real merit, instead of making stupid statements that aren't true.

      It's a shame the author's love affair with MAC can't help him write a decent article.

      I wonder how many installations of Linux have SELinux disabled because it broke something.

    15. Re:The Insecurity of OpenBSD by Torino · · Score: 1

      What in the article isn't true?

    16. Re:The Insecurity of OpenBSD by MichaelSmith · · Score: 1

      With respect, a name server is about the easiest thing to secure. It runs one application plus (maybe) ssh. The only vulnerabilities will be in BIND and they are not considered OS issues by OpenBSD anyway. Try securing a system with 100 untrusted interactive users. Or running a dodgy webhosting control panel, then see how you go.

      --
      http://michaelsmith.id.au
    17. Re:The Insecurity of OpenBSD by Torino · · Score: 1

      Ubuntu is not unusable regardless of what features they decide to leave out, while the argument is made that OpenBSD is insecure because of features they do leave out. So, the analogy doesn't quite work.

    18. Re:The Insecurity of OpenBSD by magellanic · · Score: 1

      That MAC is anything but bloated a waste of time.

      The notion that adding security as an afterthought is a good idea.

    19. Re:The Insecurity of OpenBSD by Torino · · Score: 0
      Ahh, so nothing is incorrect, you just don't understand MAC

      The archaic UNIX security model is exactly that, archaic. There are needs it cannot meet, and something like MAC is needed.

      It does provide increased security by enforcing proper separation of duty and privilege correctly, not adding it in later as OpenBSD has done.

      I love OpenBSD, but to dismiss MAC as a waste of time just serves to discredit yourself.

    20. Re:The Insecurity of OpenBSD by magellanic · · Score: 1

      No, Ubuntu isn't unusable because of omitting features. It's unusable because what they start with is unusable, and they have nowhere to go from there.

      Much like security. You can't bolt on features after the fact and suddenly have a secure product.

    21. Re:The Insecurity of OpenBSD by Anonymous Coward · · Score: 0

      Says the guy who sucks more nigger dicks than a hooker in Harlem.

    22. Re:The Insecurity of OpenBSD by magellanic · · Score: 1

      The archaic UNIX security model is exactly that, archaic. There are needs it cannot meet, and something like MAC is needed.

      When operating system code is security audited, what needs can the *NIX security model not meet?

    23. Re:The Insecurity of OpenBSD by Anonymous Coward · · Score: 0

      I think it's funny that many of the items mentioned are not just hogwash, but irrelevant. The parts that make the most sense and can bring the most security (implementing MAC) is treated as though it is the be all end all of modern application security...

      That's like saying DAP is what makes windows secure...

      You can't say that about any OS, the configuration, application set and network design all contribute to this security. If MAC is implemented at some level but you put your files in an FTP accessible folder you've just used MAC effectively, but it didn't do you any damn good. This goes for most SELinux installations I've born witness to. They are configured to deliberately ignore bad behavior (either set permissive or with a plethora of exceptions) because the packaged and supported SELinux impedes many packaged deployments from functioning. Get the SELinux exception updating etc built into the packages and then we can talk about ease of use. (For instance, install VSFTPD on a CentOS machine set SELinux to enforce and get home directories with Kerb auth configured and try and login. ) That's an EXTREMELY common configuration and yet it fails out of the box and requires additional troubleshooting.

      Convenience vs Security even at that level. You can guess how many systems make it all the way through to production with SELinux in enforce mode...

    24. Re:The Insecurity of OpenBSD by Anonymous Coward · · Score: 0

      Since when do you have to have SELinux-style security controls to be considered "secure" or not? I would imagine that having a kernel that is written robustly and prevents exploits from happening in the first place be the focus of security concerns.

      The whole point of OpenBSD is to have a secure Unix-style operating system, with the emphasis on Unix. SELinux-style security is very un-Unix. The OpenBSD people are making a design choice here, and I don't think it's necessarily an illegitimate one, nor one that necessarily expands the attack surface of the operating system.

    25. Re:The Insecurity of OpenBSD by Anonymous Coward · · Score: 0

      BIND is part of the OpenBSD base system so flaws in it will be taken very seriously.

    26. Re:The Insecurity of OpenBSD by Torino · · Score: 1

      It isn't unusable to start with, your just attacking it because you personally don't like it. Additionally, an argument for MAC is not bolting features on after the fact. If it is properly implemented, it is in the kernel to start with. Unlike, say, rewriting Apache over 10 years to have privilege separation, which is adding it on after the fact.

    27. Re:The Insecurity of OpenBSD by Torino · · Score: 1
      1. The fact that the OS code is audited is nice, but can't protect against other insecure software. If you run postfix which isn't audited, and it has a hole and the attacker gets root, then there is nothing to stop them.

      2. An example from a commenter on the blog is that he needed to prevent root from reading users files. OpenBSD is almost the only OS left that can't meet this requirement.

      3. Auditing, along the lines of what OpenBSM provides. This isn't related to MAC, yet the team still doesn't implement it...

    28. Re:The Insecurity of OpenBSD by Anonymous Coward · · Score: 0

      Don't run insecure software then, shitfuck.

    29. Re:The Insecurity of OpenBSD by magellanic · · Score: 2, Insightful

      The fact that the OS code is audited is nice, but can't protect against other insecure software. If you run postfix which isn't audited, and it has a hole and the attacker gets root, then there is nothing to stop them.

      Maybe I'm wrong, but if the mail server isn't crap it should give up root privileges as soon as possible. So, to get root you need to do two things.

      1) Exploit a bug in the mail server
      2) Exploit a bug in the operating system to gain root privileges

      If MAC is part of the operating system, and can therefore contain operating system bugs, how does it mitigate step 2? How does it mitigate it any more than an operating system without MAC?

      An example from a commenter on the blog is that he needed to prevent root from reading users files. OpenBSD is almost the only OS left that can't meet this requirement.

      Are you serious? The root user has ultimate power by definition. That's been the case with *NIX for decades.

    30. Re:The Insecurity of OpenBSD by Sir_Lewk · · Score: 1

      Most of us have been reading slashdot long enough that "several times a year" qualifies as sufficiently regular.

      In other words: get off my fucking lawn.

      --
      "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
    31. Re:The Insecurity of OpenBSD by udippel · · Score: 2, Insightful

      While I consider your comment as 'Interesting', if not 'Insightful', I still can't approve of your

      This is the story Slashdot should have included to run.

      The story is about the release of the most recent OpenBSD, 4.7; its availability, funding, etc. The discussion about its 'lack of security' is surely of a very different nature.

      Having read the article mentioned by you (I saw 43 comments,?), I can only agree - and I knew that for long - that OpenBSD has no access control systems on top of the Unix-permissions. If they should be there, and how their lack renders OpenBSD less secure than Linux, is quite another topic. Actually, I was kind of disappointed when reading the article, because it focuses solely on access control to crack OpenBSD. So even the title was badly chosen: the article talks about a perceived 'lack of a security feature' or something to that behalf; not about an 'insecure' OS. And yes, there is a difference, and the article is clear about it: If, and only if, the system is broken into (already), can additional access controls eventually contain damage.

    32. Re:The Insecurity of OpenBSD by RockoTDF · · Score: 3, Funny

      It is Mac, not MAC. And while we are at it, it is pronounced OS ten, not OS ex. I find the two mistakes are highly correlated.

      --
      There is more to science than physics!

      www.iomalfunction.blogspot.com
    33. Re:The Insecurity of OpenBSD by Anonymous Coward · · Score: 0

      They're talking about Mandatory Access Control, not Macintosh, you retard.

    34. Re:The Insecurity of OpenBSD by Lunix+Nutcase · · Score: 2, Interesting

      Most of us have been reading slashdot long enough that "several times a year" qualifies as sufficiently regular.

      And yet going back even farther to more than 6 months I've yet to see a single one of those supposed articles that criticize Linux security. Care to actually link to even a single article that isn't more than a year old?

    35. Re:The Insecurity of OpenBSD by drsmithy · · Score: 2, Interesting

      I wonder how many installations of Linux have SELinux disabled because it broke something.

      The overwhelming majority, in my experience.

    36. Re:The Insecurity of OpenBSD by Torino · · Score: 0

      Hi, I should have been clearer. When I say it is a story slashdot should have ran, I meant ran as well, certianly as a seperate story.

      I do think the issue is interesting and deserving of its own discussion though.

      (I think there are about 200 comments, but only the initial comment is counted)

      I also think the article is more than just pointing out the lack of access controls, it is also against the secure by default policy, strl calls, lack of ways to lock down a system, lack of auditing etc...

      The reason access controls are needed for a secure system is because access controls are about more than containing external intruders....

    37. Re:The Insecurity of OpenBSD by Anonymous Coward · · Score: 0

      It is I, Torino. Posting anonymously because apparently there is a retarded posting limit.

       

      Maybe I'm wrong, but if the mail server isn't crap it should give up root privileges as soon as possible. So, to get root you need to do two things.

      The mailserver is just an example. There is plenty of software running as root. It doesn't really matter if you only get local there is a local root exploite available. Have a look at the bugfix lists or check out bugtraq. Root vulnerabilities still happen often enough.

      Perhaps not on OpenBSD's base system, but certainly on 3rd party software you may want to run on OpenBSD. The point is that if an attack does happen, OpenBSD does not allow you to contain the damage sufficiently.

       

      If MAC is part of the operating system, and can therefore contain operating system bugs, how does it mitigate step 2? How does it mitigate it any more than an operating system without MAC?

      MAC cannot prevent the exploit as such, but it can make the attacker completely limitless. You can take away execute permission, write permission (allowing just append), no file creation, absolutely nothing except the very minimal that the program actually needs. It is essentialy like handcuffing and straitjacketing a burglar as soon as they get in.

      There are many, many examples of SELinux or GRSecurity or whatever sucussfully containing an attack. Whereas if those same attacks were aimed at the same software on an OpenBSD machine, the damage done would not be restricted.

       

      Are you serious? The root user has ultimate power by definition. That's been the case with *NIX for decades

      Sure, but why is that a good thing? "getting root" is the general aim of an attacker....when you remove that aim getting anything becomes a whole lot harder.

      There is absolutely no reason to have a user with absolute power when we have the technology to segregate power and duties, there by significantly reducing the attack surface.

    38. Re:The Insecurity of OpenBSD by Anonymous Coward · · Score: -1, Troll

      Man, you are annoying whiner. Slashdot does write about linux problems (security and other) regularly -- maybe not with the enthusiasm that Windows problems are covered with but someone who is interested in the subject (as you should be considering the username) should easily notice the articles.

      http://linux.slashdot.org/story/09/08/13/2022212/Local-Privilege-Escalation-On-All-Linux-Kernels

      I'm sure you will now continue whining how it's more than six months old...

    39. Re:The Insecurity of OpenBSD by magellanic · · Score: 2, Insightful

      The mailserver is just an example. There is plenty of insecure software running as root.

      FTFY

      MAC cannot prevent the exploit as such, but it can make the attacker completely limitless. You can take away execute permission, write permission (allowing just append), no file creation, absolutely nothing except the very minimal that the program actually needs.

      This sounds a lot like what securelevel(7) already does.

      There is absolutely no reason to have a user with absolute power when we have the technology to segregate power and duties, there by significantly reducing the attack surface.

      There is absolutely no reason to put up walls so the sysadmin can't do anything, rather than fix the bugs that let an attacker gain root in the first place.

    40. Re:The Insecurity of OpenBSD by Torino · · Score: 1

      This sounds a lot like what securelevel(7) already does.

      Nope. Not at all similar in terms of capabilites. Securelevels are a pale imitation of what you can do with MAC, not even close.
      If you really think securelevls are at all close to MAC, then you really don't understand MAC.

      There is absolutely no reason to put up walls so the sysadmin can't do anything, rather than fix the bugs that let an attacker gain root in the first place.

      It's not putting up walls, it's enforcing secure policy and good practice, and sometimes the law.

      Sepeartion of duty, read up on it.

    41. Re:The Insecurity of OpenBSD by kelanden · · Score: 1

      The original author's argument consists entirely of pillorying OpenBSD for its lack of any Extended ACL framework as a second line defense against security breaches. Posters in the comments section rightly point out that OpenBSD does indeed include other second line defenses like PID randomization, ASLR, and extensive support for chroots - some of which are still not supported by default in Linux distributions today. The OpenBSD maintainers' choice to focus on ensuring the quality of the first line application and kernel codebases merely represents a different approach, no doubt motivated in part by their small number of developers. An EACL framework is essentially a bolt-on solution to help contain applications that are poorly written and difficult to isolate - it is potentially easier to address the issues in the targeted applications than to devote additional effort to the security frameworks, especially when said frameworks represent an increase in the system attack surface unto themselves.

      The author completely fails to address these counterarguments, dismissing approaches like chroots as overly simplistic and holding fast to the unsupported position that properly audited security policies are somehow inherently superior to properly audited kernel and application code. There may very well be a place for Extended ACL frameworks in OpenBSD, but the linked article is certainly not enough to convince anyone.

    42. Re:The Insecurity of OpenBSD by Sir_Lewk · · Score: 1

      I have no idea why this is modded troll, as the AC kindly provided a link to such an article, as the GP requested...

      --
      "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
    43. Re:The Insecurity of OpenBSD by Anonymous Coward · · Score: 0

      Because both of them are decidedly Off Topic for a discussion of the OpenBSD release. The mod might not have been the right one, but the argument still has no place here even if I do agree that Slashdot has a disparity in security coverage when it comes to their precious linux.

    44. Re:The Insecurity of OpenBSD by agrounds · · Score: 1

      No, it's unusable because it doesn't support my wireless on my Dell laptop at all. My choices are crap NDIS wrappers or the reverse engineered Broadcom drivers, both of which drop the connection at least twice a minute which makes doing any actual network transfer nigh impossible.

      It's unusable because the goddamn thing can't remember the way I arranged my panel from one boot to another without moving shit all over the place regardless of whether I lock it or not.

      It's unusable because the power management sleep mode still drains my laptop battery in roughly an hour despite this working PERFECTLY two releases ago.

      It's unusable because every single time I upgrade something new breaks. I am running software entirely from the main repository, and it still breaks.

      It's unusable because when you file a bug people either post "ME TOO LOL" or shit on you for being "A STPID NOOB".

      It's unusable because the developer teams care more about moving buttons around on title bars and making everything purple and orange than keeping the UI consistent. Yeah, this is supposed to train us for whatever shit they want to put on the right side of the window in the next release. How does this help me now? Why the fuck are the buttons out of order?

      It's unusable because hooking my laptop up to a projector should not involve me opening a terminal and dicking around with XRandR in the year 2010. Other systems have gotten this right for pretty much the last 6 years running.

      I don't hate it. In fact, it's because I want it to work so badly that I get so damn mad about it. You can't act like the system is flawless though. It's just not true and you know it.

    45. Re:The Insecurity of OpenBSD by Torino · · Score: -1

      Wow, what article did you read?

      The article does address "PID randomization, ASLR, and extensive support for chroots" as well as secure levels. There is a whole section devoted to these technologies. The whole point is that are all aimed at preventing attacks from happening, and that there is no way to sufficient lock down a system in the event someone does get in.

      An EACL at the kernel level is not any more of a bolt on solution than rewriting Apache to have privielge sepration or adding in executable space protection. OpenBSD is only useful as long as you don't stray outside the tiny base system of audited code. If you run 3rd party software which has a hole that gets exploited, then you're FUBAR

      You may not agree with the article, but don't say the author did not address the protections available already within OpenBSD when he clearly did.

  3. Does anyone know if ldpd is available in Linux? by migglelon · · Score: 1

    Does anyone know if ldpd is available in Linux also? Do you need OpenBSD to support VRF's?

    1. Re:Does anyone know if ldpd is available in Linux? by Anonymous Coward · · Score: 1, Informative

      No, not without removing a lot of OpenBSD'isms from it.

    2. Re:Does anyone know if ldpd is available in Linux? by rivaldufus · · Score: 1

      no harder than trying to port something heavily linux centric to a *BSD, I would imagine.

  4. Good by Jorl17 · · Score: 1

    Now go RTFA before you post.

    Darn, FAILED.

    --
    Have you heard about SoylentNews?
  5. Bad timing... by B5_geek · · Score: 1

    I just downloaded the old version 2 days ago!

    On a serious note; Can a BSD client read/write/use a Debian NFS share?

    --
    "The price good men pay for indifference to public affairs is to be ruled by evil men." ~Plato (427-347 BC)
    1. Re:Bad timing... by ciscon · · Score: 0

      as did i (sparcstation 5)... :-( good thing upgrading is easy.
      and yes, you shouldn't have any difficulties.

    2. Re:Bad timing... by armanox · · Score: 3, Informative

      I don't know why it shouldn't be able to. Make sure the NFS versions match (NFS3, NFS4)

      --
      I'm starting to think GNU is the problem with "GNU/Linux" these days.
    3. Re:Bad timing... by baldusi · · Score: 4, Informative

      Be careful with the settings of the no-df bit in TCP fragments, which Linux NFS generates and expects, while PF rightly blocks when scrubbing. The PF FAQ is your friend there.

  6. Where are the screenshots? by Dystopian+Rebel · · Score: 4, Funny

    If I can't see examples of OpenBSD running Gnome with transparent Conky over a red Lamborghini Murcielago wallpaper and maybe some cascading green character columns like the Matrix, I'm going back to Ubuntu.

    --
    Rich And Stupid is not so bad as Working For Rich And Stupid.
    1. Re:Where are the screenshots? by rubycodez · · Score: 4, Funny

      yes, have some.

                  http://tinypic.com/r/2yoo29t/6

      on a Toshiba laptop too (all devices work)

    2. Re:Where are the screenshots? by Anonymous Coward · · Score: 0

      Better U go & get windows98 :)

    3. Re:Where are the screenshots? by Anonymous Coward · · Score: 0

      You can't have that with the base install. But you can have composited fvwm with ascii porn, tetris, and a letter from deraadt@.

      http://img193.imageshack.us/img193/9992/snapshot7h.png

      fvwm looks 100x better than the best Gnome will ever look.

  7. /checks pic by Anonymous Coward · · Score: -1

    Loongson comes with a bottle of Duvel?! I'll order 20 today!

  8. Got my CD in the mail a few days ago by eudaemon · · Score: 4, Interesting

    Yeah, I use OpenBSD. My firewall's named linksys and the SSID is default, both for sheer entertainment value. OpenBSD like anything else has its flaws: namely a insular and hostile user community and theocratic leader with a vision. On the other hand it's people like that who get things done.

    It would be nice to do more with OpenBSD than I can now, but last I checked ports didn't have the latest asterisk, getting the latest Java running is a pita, the latest Apache has an incompatible license or something, ZFS will never be supported, etc, etc, etc. But staying up with the latest software isn't really a design goal for Theo & crew. It's sort of the PVP UNIX - no care bears welcome. Their targeted approach to security over features makes it the best OS out there for targeted uses, but who knows if they'll make it to 5.7 - decreasing relevance and due to narrowing mainstream software support definitely also narrows interest.

    Regardless, congrats on another great release.

    1. Re:Got my CD in the mail a few days ago by value_added · · Score: 2, Interesting

      Yeah, I use OpenBSD. My firewall's named linksys and the SSID is default, both for sheer entertainment value.

      I guess you could describe that as "What's the sound of one-hand clapping?" or "An inside joke of the nth degree". ;-) Entertainment aside, pf users and fans should note the pf syntax changes.

    2. Re:Got my CD in the mail a few days ago by PopeRatzo · · Score: 1

      My firewall's named linksys and the SSID is default, both for sheer entertainment value.

      "Entertainment value"?

      I've got to party with you, sometime.

      --
      You are welcome on my lawn.
    3. Re:Got my CD in the mail a few days ago by mirix · · Score: 1

      I'll bring the sparkling apple beverage.

      I've got a couple openBSD boxes myself. One is on httpd duty, the other doesn't do much, just sort of general purpose - I'm planning on making this one into some sort of automatics control for the house (turn the lights on, report temperature, I don't know, a bunch of lame stuff like this).

      --
      Sent from my PDP-11
    4. Re:Got my CD in the mail a few days ago by butalearner · · Score: 2, Funny

      theocratic leader

      Yeah, he can really de ratchet up the abrasiveness when he wants to.

    5. Re:Got my CD in the mail a few days ago by nurb432 · · Score: 1

      Targeting a small specialized market is never good for your longevity, regardless how good you do it.

      --
      ---- Booth was a patriot ----
    6. Re:Got my CD in the mail a few days ago by jd · · Score: 2, Interesting

      I'm not sure that it has decreasing relevance. For something like a firewall or other networked appliance (where you don't actually have users logging on and interactively using it), OpenBSD is way ahead of the game. Auditing the kernel and securing that is actually a good strategy for such devices, whereas mandatory access controls would be more of a cycle-hog. For reasons I don't entirely understand - or agree with - the world is slowly moving away from desktops and towards appliance-based computing. Look at the rate Droid is accumulating apps, compared to the rate new stuff is being written for Linux.

      I do not know what the ideal security strategy is - I feel that it must involve components that are transparent to any part of the kernel the user or superuser can substantially interact with, because although you can prove a Security Kernel correct mathematically (it is one of the few OS components simple enough), this is useless if there is any means of either accessing the functions protected or re-implementing them, yet nobody likes re-designing implementations and call points are bound to be missed if code changes are required. This means that the security kernel has to act in a manner akin to dynamic probes and inject itself into modules without needing static insertion points. Security then just becomes a form of debug in step mode (continue until next probe, then pause the kernel thread) in which the debug data is analyzed automatically rather than by an engineer.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    7. Re:Got my CD in the mail a few days ago by yo_tuco · · Score: 2, Interesting

      "I'm planning on making this one into some sort of automatics control for the house (turn the lights on, report temperature, I don't know, a bunch of lame stuff like this)."

      OBSD has support for the 20 pin gpio header on a Soekris net4801 board out-of-the-box. With that you can easily make either digital or transistor switches to control things. The shell command is gpioctl which you may want to grab the source and mod it so its not reading command line arguments and can be put in your code without an os system call depending how frequently you are reading/writing the pin states.

    8. Re:Got my CD in the mail a few days ago by onefriedrice · · Score: 1

      OpenBSD like anything else has its flaws: namely a insular and hostile user community and theocratic leader with a vision.

      I see what you did there.

      --
      This author takes full ownership and responsibility for the unpopular opinions outlined above.
    9. Re:Got my CD in the mail a few days ago by rsax · · Score: 1

      and theocratic leader

      Nicely done.

    10. Re:Got my CD in the mail a few days ago by magellanic · · Score: 1

      ...hostile user community and theocratic leader...

      I've observed the OpenBSD attitude as being anything but religious in most cases, at least compared to FSF/GNU folk, and far closer to the laudable `shut up and hack'. The community may appear hostile, but successful users need to have initiative rather than being spoon fed. `RTFM', or a milder equivalent, is often the best way to encourage that.

    11. Re:Got my CD in the mail a few days ago by Torino · · Score: 2

      It would just be nice if they extended their definition of security to be more than preemptive bug fixing.
      The article I linked to above is a good discussion of this. Given how they flat out reject MAC, and the reasons they give for doing so, it seems they know very little about actual security.

    12. Re:Got my CD in the mail a few days ago by eudaemon · · Score: 1

      As others have noted, this was a double entendre if not downright pun. OpenBSD users are not by and large welcoming if someone trips across the wrong e-mail list. As I stated - it's the PVP OS: come prepared to defend yourself. In the case of OpenBSD that means reading the FAQs, trolling the list history and submitting a dmesg when you do ask a question. Failing to do that is the EVE Online equivalent of flying your pod through 0.0 space.

    13. Re:Got my CD in the mail a few days ago by MichaelSmith · · Score: 1

      I'll bring the sparkling apple beverage.

      I've got a couple openBSD boxes myself. One is on httpd duty, the other doesn't do much, just sort of general purpose - I'm planning on making this one into some sort of automatics control for the house (turn the lights on, report temperature, I don't know, a bunch of lame stuff like this).

      For that I would use a microcontroller. An atmel atmage8 draws 5mA running at 20MHz. It has better low level IO capabilities than a PC and it can talk to a PC through a serial port. The idea would be to use the microcontroller for day to day control and start the expensive (in power) PC when you have new instructions for it.

      --
      http://michaelsmith.id.au
    14. Re:Got my CD in the mail a few days ago by eudaemon · · Score: 1

      Rule #0x0a: Nothing on Slashdot is obscure.

    15. Re:Got my CD in the mail a few days ago by eudaemon · · Score: 2, Funny

      Heh, glad I made you laugh. Why are there no slashdot meetups? Oh yeah, because that would require getting dressed and leaving the house.

    16. Re:Got my CD in the mail a few days ago by eudaemon · · Score: 1

      /rimshot

    17. Re:Got my CD in the mail a few days ago by mirix · · Score: 1

      I've done some work with AVR's, and they're great. But I want to be able to SSH into this thing and see what's going on from work :)

      (this is a low power centaur board anyways, I think it uses 15w full tilt..)

      --
      Sent from my PDP-11
    18. Re:Got my CD in the mail a few days ago by mirix · · Score: 1

      Cool. I've got an AVR32 (not ARM or MIPS, something completely different) powered board that I've played with a bit, similar idea I suppose. Although I don't believe there is an openbsd port for it... I should pick up something ARM sometime, here..

      I've got a sort of hate for the gpio subsystem in linux, and I've never played with the one in openBSD - I'll have to look into that.

      Luckily the board I have in mind has a full PC/104 bus (essentially ISA, with a different connector), so I can inb/outb to my heart's content. It's a via C3 thing, roughly the size of a 3.5" hdd.

      --
      Sent from my PDP-11
    19. Re:Got my CD in the mail a few days ago by rubycodez · · Score: 1

      now that's funny, considering openbsd has been around since 1995, three years after the first real linux distro.

    20. Re:Got my CD in the mail a few days ago by rubycodez · · Score: 1

      Their definition of security goes far beyond pre-emptive bug fixing, but the author of that article is ignorant of OpenBSD security, and Unix security in general, and moreover thinks MAC will save him from the common exploits that bring down real machines (which any experienced Unix admin knows is total B.S.)

    21. Re:Got my CD in the mail a few days ago by rubycodez · · Score: 1

      Your beef about asterisk might be a bad assumption. I build asterisk systems as part of my job. The 1.6 series asterisk has all manner of issues, you'll be wanting to use 1.4.x (1.4.25 or above) if you intend to do production stable system. As it happens, OpenBSD even has binary 1.4.25 package ready to install at a single command.....

      And, in the ports (scripting-based system), you have 1.6.0.25. which is considered a more stable of the 1.6.x series, such as it is.

    22. Re:Got my CD in the mail a few days ago by magellanic · · Score: 1

      I'm surprised you have time to investigate other operating systems if you're thinking in MMORPG analogies. :)

    23. Re:Got my CD in the mail a few days ago by Anonymous Coward · · Score: 1, Funny

      Why are there no slashdot meetups?

      What's that? I think it's the sound of thousands upon thousands of buffet restaurants slamming and locking their doors at the thought.

    24. Re:Got my CD in the mail a few days ago by nurb432 · · Score: 1

      15 years is a blip. When it hits 30 we can talk.

      --
      ---- Booth was a patriot ----
    25. Re:Got my CD in the mail a few days ago by rubycodez · · Score: 1

      bullshit, for software project 15 years with tens of thousands of users worldwide is smashing success and proven endurance. There are multi-million dollar commercial software success stories that have risen and fallen in a shorter time and are no longer used.

    26. Re:Got my CD in the mail a few days ago by magellanic · · Score: 2, Insightful

      OpenBSD doesn't want to take over the world, see the project goals. This doesn't stop their work becoming used on a large scale, but this happens because of the software's features and technical superiority.

      On the other hand, many Linux advocates seem to be obsessed with the idea of world domination. I've seen these people choose Ubuntu for reinstall/upgrade jobs when their friends and family would genuinely be more comfortable, and better off, with Windows or OS X.

      Decide for yourself which is the more noble goal.

    27. Re:Got my CD in the mail a few days ago by Torino · · Score: 0

      How so? They limit their auditing to the base system. Securelevels and DAC are not sufficient to lockdown a system, as where MAC can prevent damage from being done in most cases. I'm not ignorant of OpenBSD and Unix security, and use OpenBSD quite a bit and agree with the article in general.

    28. Re:Got my CD in the mail a few days ago by iggymanz · · Score: 1

      No, a MAC won't keep an exploit from destroying data files for which a user or application is already allowed access. Suppose a buffer overrun exploit is used to gain control and corrupt the application's database which is allowed by ACL. What is your MAC going to do? Nothing, that's what.

      On the other hand, other features of OpenBSD *do* come into play against such a problem.

    29. Re:Got my CD in the mail a few days ago by ppanon · · Score: 1

      Yes. MAC is primarily about supporting military information classification levels. While that also has some security applications, they are fairly limited when it comes to civilian computing appliances and single-user workstations. Since those are the main niches that OpenBSD targets, It makes sense that they would eschew that extra complexity in favour of other approaches that have a bigger security payoff for those applications.

      --
      Laissez lire, et laissez danser; ces deux amusements ne feront jamais de mal au monde. - Voltaire
    30. Re:Got my CD in the mail a few days ago by NicM · · Score: 1

      With due respect, I think both you and the author of the "insecure" article have some fundamental misunderstandings about OpenBSD and the way the project works.

      Just to note I don't speak for the project here, this is just my impressions from being involved for a short time.

      Firstly, jokes about theocracy aside, OpenBSD is not a dictatorship. There are a lot of developers, and they don't all agree about everything.

      So, even if some OpenBSD developers say they are skeptical about MAC, it doesn't mean all are, or that there is no way to salvage it, or that any code involving the term MAC would be dismissed out of hand. It just means that as it is now, well, they are skeptical. And nobody has appeared with suitable code to change minds. And perhaps that developers are tired of hearing about it from people who manifestly aren't going to contribute.

      Secondly, in OpenBSD, contribution drives everything. People who write articles or feature requests or posts on Slashdot are taken much less seriously (if they are taken seriously at all) than people who contribute to the project. Many other OSS projects are the same, but in OpenBSD it is very plain.

      Thirdly - and this is something most people seem to miss - any MAC implementation must meet the projects' goals (which are something that no current implementation I have seen does, and certainly not one which anyone has submitted code to implement in OpenBSD). At least it must: be good code; be appropriately licensed; be simple and understandable; be documented; and (important!) be secure by default.

      So, if you sit down, design and write a MAC framework that meets those criteria, it will be properly considered. You will have to fight your corner, of course, and make a case that persuades others why it is useful, and accept review and make changes if necessary, but if you are prepared to do the work it will be taken seriously - it may not be accepted, but it will be given a lot more weight than writing an article about it.

      The fact is that until someone is prepared to stop talking and hack on MAC support, this whole thing is really a nonissue inside the project. All developers have their own interests (sometimes many of them) and at the moment it is clear none of them care enough about MAC (whether it has benefits or not) strongly enough to get involved.

    31. Re:Got my CD in the mail a few days ago by Torino · · Score: 1

      MAC will most certainly keep an exploit from destroying users permissions. You can think of it as permissions not being based on users, but perr application/objects.

      Lets say a user exploits Firefox...you would think the exploit would have full access to the users files right? Nope, not so. With MAC, there could be only write access to a downloads directory, no execute access except for a whitelist of files, and only append access for the rest. If the exploit tryied to delete anything, it would fail. Can OpenBSD do anything remotely similar?

      Unfortunatly for the examples you gave, neither OpenBSD nor MAC can do much to protect against something like a database, where it is a program that handles storing records outside of the filesystem, and thus scope of the OS and MAC.

    32. Re:Got my CD in the mail a few days ago by Torino · · Score: 1

      Hi, I really appreciate your reply. Thanks.

      I understand your point, and that OpenBSD is not a dictatorship and that there are some interested in MAC, but just skeptical, and I have to disagree.

      I am quite sure without exception, on the mailing lists on the big debate in 2007 and that insecure article that without exception every lead developer stated that MAC is at best does not offer any additional security, and at worse is false security actually making things worse.

      It is such a poor understanding of such an import security technology that it makes me sad for the project that is meant to be focused around security.

      Not a single lead developer...Theo, Bob Beck, marc Espie etc...they were not skeptical, they outright acctacked it and dismissed it...just spreading FUD.

      I understand that someone would be heard if they were to actually contribute and show something rather than whining or discussing it, but if this is the episode given by the representative developers and the user community, why would anyone even begin such a thankless task?

      Let us not forget, they have the trustedbsd project at their disposal, as well as other software like apparmor and rsbac which is meant to be portable. The problem is not the lack of an implementation, but an outright fear and rejection of MAC for bringing unneccesary complexity to the table.

      Just look at systrace, most of the lead developers attacked it, despite some of the users finding it useful/interesting. Given the cold reception minimac got, I would hae to see the reaction someone attempting to port TrustedBSD or so would receive.

      It would be pretty funny though if someone were to fork OpenBSD as SecureOpenBSD with MAC...

      Until the developers and to a lesser extent the suers bother to understand MAC and stop outright attacking and dismissing it, I can't imagine anyone even considering writing a MAC framework for OpenBSD. It truly does seem a thankless task, which is a shame as it would significantly enhance OpenBSD's capabilities and usefulness to outside of the firewall/router scenario.

    33. Re:Got my CD in the mail a few days ago by NicM · · Score: 1

      The problem is not a lack of an implementation, but not any implementation will do. It has to be suitable, and meet the OpenBSD project goals.

      AppArmour and RSBAC are GPL. Trusted BSD is rather large, relies on some FreeBSDisms, and IMO is overengineered, I think it would be quite a hard sell, but there may be useful ideas. The fact is that even if something useful can be pulled out of Trusted BSD, someone is going to have to put in the time and do it. The reason they might do this, thankless or not, is because they want some sort of MAC in OpenBSD :-).

      I think there is a fair amount of FUD on both sides. A few people do try to make out that MAC is a critical security component, when in fact it is merely a useful tool, and as all discussions so far show, it is far from being universally loved or adopted.

      systrace is a good example of my point, despite being attacked by some developers, it was added to the kernel and base system, and recent discussions on removing it have decided to leave it alone despite its problems because it is useful as a ports debugging tool.

    34. Re:Got my CD in the mail a few days ago by Torino · · Score: 1

      I understand that any MAC implementation for OpenBSD must of course be compatable and meet OpenBSD guidelines. IMO, that is a secondary problem at the moment. The first problem is that the team of developers are outright hostile and do not understand MAC.

      Until that is resolved, no one in their right mind would try and write anything MAC related for OpenBSD. I suspect the developers don't wish to resolve it however, and are happy with their stance.

      I agree there may be FUD on both sides, but having too much faithe in MAC is hardly FUD, while dismissing it without understanding it certainly is. I could understand the project not wanting to implement MAC as not being useful to their target audience...but to dismiss and attack it is just stupid.

      Anyway, I thought systrace was not in the base system, but in ports? Are you saying that if I do a fresh install of OpenBSD 4.7 and don't install any ports, I will have systrace available to use?

    35. Re:Got my CD in the mail a few days ago by NicM · · Score: 1

      I don't really have time to answer your other points, but systrace is in the base system, and to my knowledge it has never been in ports. So yes if you do a fresh install of OpenBSD 3.2 or later you will get systrace.

      See eg http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/systrace.c

    36. Re:Got my CD in the mail a few days ago by Torino · · Score: -1

      Thnaks for clarifying that.

  9. Loongson Support by Anonymous Coward · · Score: 1

    Good for OpenBSD for supporting a computer architecture that is fully open and documented. Oh, the irony that it hails from communist China! And, eee-gads! It looks like Theo and Richard both like it! http://www.osnews.com/story/22674/China_s_Loongson_Processor_Effort

    1. Re:Loongson Support by Anonymous Coward · · Score: 0

      And yet it still sucks dick even in comparison to a 6 year old Intel or AMD chip.

    2. Re:Loongson Support by Anonymous Coward · · Score: 0

      I expect that many people would gladly pay for a dick sucking CPU, as long as it does it well.

  10. Is GNU/Linux networking as poor as it was before? by lanner · · Score: 2, Informative

    When it came to things like OSPF, BGP, routing, filtering (pf failover) and that sort of networking things, Linux hasn't been the best (though queuing and protocols have had some innovations and dev work).

    Anyone have an opinion on this?

    For example, Zebra was basically abandoned (it sucked anyway), which now became quagga -- if I wanted a Cisco, I'd get a Cisco. Stop trying to make it a damn emulator.

    BGP? I don't even know if there is anything.

    iptables is cool, but it just doesn't have failover like pf has (I want people with real-word experience, don't tell me "it's supported" when it's crap.)

  11. Up2Date Mirror List by AFresh1 · · Score: 1

    Please be sure to use a mirror (or torrent) rather than overloading the main site.

    1. Re:Up2Date Mirror List by Anonymous Coward · · Score: 0

      Commendable dude, but people, get your mirrors from www.openbsd.org!!

      At least I don't want to get cd47.FULL.VERSI0N.[ezrootkit].torrent

  12. I love OpenBSD by lemur3 · · Score: 4, Informative

    I started using OpenBSD at version 2.7 after a few years using various versions of Redhat linux and Mandrake.

    I was hooked right away.. It was a lot of things. Maybe the first was the really easy installation process... In my opinion it still might be the simplest out there. There is the well written man pages.. And the simple 'full' installation. It was easy to understand where everything was and it mostly stayed that way from release to release. The config files seemed easy to read and the firewall was really snazzy!

    They do some good work! I enjoy using it, even if all I am really doing is small scale hobby work.
     

    1. Re:I love OpenBSD by Bacon+Bits · · Score: 0, Flamebait

      Maybe the first was the really easy installation process...

      Bullshit. Looking at the release folder, I can't even figure out what I'm supposed to download to install without reading the documentation.

      --
      The road to tyranny has always been paved with claims of necessity.
    2. Re:I love OpenBSD by Slashcrap · · Score: 1

      Maybe the first was the really easy installation process...

      The trouble with BSD people in general is that you can't tell if they're trolling (Theo), being trolled (80% of the BSD community are responding to obvious trolls at any one time which is why they advance so slowly,) or they actually believe what they're saying.

      Maybe you're the same guy that said he was running the Linux Quake 3 under OpenBSD's Linux emulation and getting a higher framerate? This was on Slashdot quite a few years ago. It was soon pointed out that it really, really, wasn't possible to run the Linux version of Quake 3 on OpenBSD, and what's more it didn't have any 3d accelerated drivers (at the time anyway). He probably still believes that he did it though and I bet he's not the only one.

    3. Re:I love OpenBSD by Anonymous Coward · · Score: 0

      Have you ever tried to install OpenBSD ? Sounds like not. Just have a look and you'll see how easy it really is.

  13. Re:Is GNU/Linux networking as poor as it was befor by soppsa · · Score: 1

    Frankly zebra, openbgpd and this mpls daemon are pretty silly. Designed for academia I guess, nobody serious uses these after their track record of instability.

    --
    Ogre Wedding Planners llc.
  14. Re:Is GNU/Linux networking as poor as it was befor by Anonymous Coward · · Score: 0

    This is clearly the unbiased opinion (*chortle*) of Ballmer's favorite cock jockey. Nothing to see here fucks but the usual sopssa FUD.

  15. Maybe... by Lunix+Nutcase · · Score: 1

    Cool story, brah.

  16. I thought you said FreeBSD 4.7! by Anonymous Coward · · Score: -1

    I was like what day is it april 1st? no
    Sysad prank day? no
    Man I thought I was in a timewarp!
    I check the date on the post? nope
    Was slashdot exploited?

    Then I look closer OpenBSD. ahh

  17. YHBT by mister_playboy · · Score: 1

    Check that user's name a bit more carefully. :)

    --
    Do what thou wilt shall be the whole of the Law ::: Love is the law, love under will
  18. Tagged "beastie" by kimvette · · Score: 1

    why has no one tagged the article "Beastie?"

    --
    The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
    1. Re:Tagged "beastie" by hhw · · Score: 1

      Because OpenBSD is represented by a blowfish? It's FreeBSD that has Beastie as its mascot.

      --
      http://astutehosting.com/
    2. Re:Tagged "beastie" by mirix · · Score: 1

      openBSD used to have the beastie until 2.x, I think.

      I've got a shirt with him and "openBSD" on it :-)

      I still think the "greasy cop" mascot from 2.5 was the best though. picture

      --
      Sent from my PDP-11
  19. What happened to the music? by Improv · · Score: 2, Interesting

    Used to be that the Plaid Tongued Devils provided a new song for every release - this is the first song I've seen by someone else.

    --
    For every problem, there is at least one solution that is simple, neat, and wrong.
  20. Re:Is GNU/Linux networking as poor as it was befor by Anonymous Coward · · Score: 0

    Quagga has made amazing strides. We've been using it where I work (small local ISP) for several years. We got rid of our main router about 2 years ago (Cisco 7600) and went with it due to a number of factors. I administrate a /20 over it with ~40 remote locations, ~200 servers, PtP VPN tunnels, and around ~100 road warrior VPN tunnels and it hasn't crashed on me yet. The servers uptime is 547 days right now (updates if I recall). We only have 4 peering lines, but unless our providers have had issues we haven't had any.

    Oh and it's actually running virtualized in an HA cluster of Xenservers, if it dies, at the most there's ~5-10ms of downtime. Load average on the machine is 0.00,0.00,0.00. Is it ready for production? I can't say for all shops, but for our modest outfit it does amazing well.

    But yea, Zebra did suck. And no iptables doesn't do complete failover. Though it would be super nice, it's a feature that I could live without. My clients can generally live with a dropped connection every year or two, though I'm well aware some shops cannot.

  21. Re:Is GNU/Linux networking as poor as it was befor by Anonymous Coward · · Score: 0

    Who cares, you should be using a Cisco router.

  22. I can't actually get anything done on OpenBSD. by Anonymous Coward · · Score: -1

    The major problem I have with OpenBSD is that I can't actually do anything with it.

    For my organization, if I need a locked down desktop, I'll take the time to properly set up a linux box using something like SELinux. That way, I can use up-to-date applications that OpenBSD doesn't support.

    If I need hardware to secure my network, then I'll buy hardware that fills a specific function. If I need a firewall, I buy a firewall. If I need a filtering router, I'll buy a router that can do filtering. If I a need a secured server, I'll buy a server and then lock it down.

    1. Re:I can't actually get anything done on OpenBSD. by magellanic · · Score: 1

      It's entirely possible that a piece of hardware you buy contains portions of *BSD code.

      So maybe at some point you will use it, if you don't already, just not how you'd expect.

    2. Re:I can't actually get anything done on OpenBSD. by Anonymous Coward · · Score: 0

      Uhm... Yeah.

      Why use a cheap arm toaster that can be set up in 5 minutes when you can give CISCO a few thousand dollars for a piece of shit?

      BTW, if you are using a Linux that lets you install software that is more up-to-date that OpenBSD current repositories(Which one Crashora or Crashuntu?) I doubt you cant get over 10 hours of uptime. Nowhere near the 3 months you would need to properly configure SELinux.

      But then, I guess you are only looking down on the "sour" grapes. You are not allowed to replace a $10000 router with a $100 redundant array of consumer hardware because it would make your boss look bad.

    3. Re:I can't actually get anything done on OpenBSD. by agrounds · · Score: 3, Insightful

      Uhm... Yeah.

      Why use a cheap arm toaster that can be set up in 5 minutes when you can give CISCO a few thousand dollars for a piece of shit?

      Because that toaster doesn't provide real support and next-day RMA service. You might work in a small shop, but for people who run multiple datacenters, 100s or 1000s of network devices, and whose jobs rely on uptime this is a no-brainer. I'll take the appliance with the service guarantee, replacements, and track record over a few Dells with *nix running on them.

      You are not allowed to replace a $10000 router with a $100 redundant array of consumer hardware because it would make your boss look bad.

      I can see why you posted AC. You're out of your depth. Cisco may churn out some real crapware ancillary platforms sometimes, but when it comes to core routing and switching on the big chassis, they're pretty damned reliable.

  23. "not invented here" syndrome by Anonymous Coward · · Score: 2, Interesting

    The things that are pioneered by OpenBSD, often make their way to everywhere else.
    So, ahem, it IS invented in OpenBSD.

  24. Best way to get my feet wet? by Phoenixhunter · · Score: 1

    What's a functional network appliance type device that supports OpenBSD through and through to load up OpenBSD 4.7 on?

    1. Re:Best way to get my feet wet? by iggymanz · · Score: 1

      I run it on an HP T5135 thin client to which I've added usb microdrive, I use it as a domain server (apache and postfix) and also irc client under "screen" to a couple tech channels. Got that thin client used on eBay for $25.

      Only pulls 16W of power according to kill-a-watt meter, the only machine at home I leave on constantly.

    2. Re:Best way to get my feet wet? by Anonymous Coward · · Score: 0

      Depending on your needs for a network appliance, the Alix boards might suit you. Or, just to get wet feet, you could pull a ten year old PC from somebody's closet, and save the $125.

  25. UTF-8 in console/ssh by Pinchiukas · · Score: 1

    Does it support UTF-8 out-of-the-box yet?

  26. Offtopic much? by Anonymous Coward · · Score: 0

    What exactly does linux networking have to do with openbsd? Are we new to this system administration stuff?

  27. Nothing can beat Apple by Ilgaz · · Score: 2, Insightful

    IMHO if someone has problem with OpenBSD community/leader, he should hang at Mac community/websites/mags and especially IRC channels for a while.

    I also think OpenBSD theocratic leader and hostile community could be the reason why OpenBSD has its unique and prestigious position today... We all heard how many users got banned for questioning inclusion of Mono to a "user friendly" Linux OS distro which has democratic leadership right?

    1. Re:Nothing can beat Apple by teknopurge · · Score: 3, Insightful

      The difference between the OpenBSD community and the Apple community is that the OpenBSD folks know what they are doing. I'm not trying to troll here, but Theo is an asshole, and the exact type of person that I want developing my kernel. His know-it-all attitude and demand for "not-created-here" things to gtfo led to the development of things like OpenSSH. I like the OpenBSD coding style and best-practices in addition to how they audit and analyze their code; more than any feature this is paramount in selecting software for us.

      OpenBSD has fewer kernel panics than 2.6.xx.xx and for network tasks has better performance for us.

      Again, kudos to the OpenBSD team for another release.

      --
      Website Hosting
  28. The problem with OpenBSD by terryfunk · · Score: -1

    is the founder himself, Theo the Raat

  29. At long last. by Noland150 · · Score: 0

    This will be the year of OpenBSD on the desktop.

  30. "NFS client stability fixes" by NateTech · · Score: 1

    NFS still doesn't effing work right? Wow.

    --
    +++OK ATH
    1. Re:"NFS client stability fixes" by iggymanz · · Score: 1

      uh, you do realize every effing OS on planet earth that can run NFS has "NFS stability Fixes" in their patch sets.

      you don't do anything serious with computers, do you?

  31. Two complaints by Anonymous Coward · · Score: 1

    Risking to be modded troll:

    1. No proper ACPI support. This is what kept me away from OpenBSD already in 2004 and still I can not put my laptop to sleep

    2. Only secure if you have time to compile by yourself... no binary updates!!

    Otherwise i really like OpenBSD and I would switch at any moment!

    1. Re:Two complaints by iggymanz · · Score: 1

      most would consider openBSD mainly a server OS, though it has the main common desktop wares available as binary packages there are plenty of other open source OS that have more creature comforts for desktop and laptop use (though I carry USB drive with obsd that does work well with my Toshiba Satellite and for any other thing I need to quickly turn into temporary OBSD appliance).

      cvs update, patching, compiling doesn't take too long on modern normal GHz hardware though, minutes. On the other hand, doing it on my thin client "domain in a can" with 500MHz VIA takes hours, but no reason to sit there and watch it, one minute to type commands, and then sometime later a few seconds to make install. no biggie.

  32. Are you for real? by Anonymous Coward · · Score: 0

    Can you really be this dense? Or have I just been trolled?

    In case you're serious: your shiny Steve-spunk has nothing to do with the topic being discussed. It is about a security feature called Mandatory Access Control. So nobody was dissing your retarded macbook (although it should be). You can now safely roll down your black turtle neck and show your white ear buds.

    Christ-on-a-stick, the attention whoring of mac heads never ceases to amaze...

    1. Re:Are you for real? by inode_buddha · · Score: 1

      YHBT. YHL. HAND.

      --
      C|N>K
  33. Glad I waited... by Anonymous Coward · · Score: -1

    I was going to check out OpenBSD a few days ago, and download 4.6. Good thing I never got around to it.

  34. About your link shortener by Anonymous Coward · · Score: 0

    URL Shorteners - the herpes of the web

    1. Re:About your link shortener by rubycodez · · Score: 2

      so I didn't want to use my bandwidth for my fun and used a free hosting service instead for my photo, big deal. It'll be accessible for at least a year. And even then by context anyone can deduce my point that OpenBSD runs GNOME and Conky with effects just dandily, even on laptops.

      the concerns of that "link shortener" article are laughable. Author is warning of a doomsday when archives of posts from Twitter and other social networking sites become a tangle pile of broken links because of "short URL use" (or more to the point, because of use of free file hosting).

      All the while forgetting that Twitter and such are driven by twits and twats who post the most inane and useless offal. In short, article is fretting about useless spew of garbage becoming more useless. Let the shit bit-rot.

  35. Re:Is GNU/Linux networking as poor as it was befor by Ant+P. · · Score: 1

    There's rumours that iptables might be going away eventually for this instead.

    Now I'll admit I've never used *BSD, but even I can see iptables is *fucking awful* for anything more than the most basic IP/port matching. Hopefully this'll happen sooner rather than later.

  36. Re:Is GNU/Linux networking as poor as it was befor by Anonymous Coward · · Score: 0

    vyatta