Slashdot Mirror


OpenBSD 4.7 Released

An anonymous reader writes "The release of OpenBSD 4.7 was announced today. Included in this release are support for more wireless cards, the loongson platform, pf improvements, many midlayer filesystem improvements including a new dynamic buffer cache, dynamic VFS name cache rewrite and NFS client stability fixes, routing daemon improvements including the new MPLS label distribution protocol daemon (ldpd) and over 5,800 packages. Please help support the project by ordering your copy today!"

30 of 143 comments

  1. Re:Bad timing... by armanox · · Score: 3, Informative

    I don't know why it shouldn't be able to. Make sure the NFS versions match (NFS3, NFS4)

    --
    I'm starting to think GNU is the problem with "GNU/Linux" these days.
  2. Where are the screenshots? by Dystopian+Rebel · · Score: 4, Funny

    If I can't see examples of OpenBSD running Gnome with transparent Conky over a red Lamborghini Murcielago wallpaper and maybe some cascading green character columns like the Matrix, I'm going back to Ubuntu.

    --
    Rich And Stupid is not so bad as Working For Rich And Stupid.
    1. Re:Where are the screenshots? by rubycodez · · Score: 4, Funny

      yes, have some.

      http://tinypic.com/r/2yoo29t/6

      on a Toshiba laptop too (all devices work)

  3. Got my CD in the mail a few days ago by eudaemon · · Score: 4, Interesting

    Yeah, I use OpenBSD. My firewall's named linksys and the SSID is default, both for sheer entertainment value. OpenBSD like anything else has its flaws: namely an insular and hostile user community and theocratic leader with a vision. On the other hand it's people like that who get things done.

    It would be nice to do more with OpenBSD than I can now, but last I checked ports didn't have the latest asterisk, getting the latest Java running is a pita, the latest Apache has an incompatible license or something, ZFS will never be supported, etc, etc, etc. But staying up with the latest software isn't really a design goal for Theo & crew. It's sort of the PVP UNIX - no care bears welcome. Their targeted approach to security over features makes it the best OS out there for targeted uses, but who knows if they'll make it to 5.7 - decreasing relevance and due to narrowing mainstream software support definitely also narrows interest.

    Regardless, congrats on another great release.

    1. Re:Got my CD in the mail a few days ago by value_added · · Score: 2, Interesting

      Yeah, I use OpenBSD. My firewall's named linksys and the SSID is default, both for sheer entertainment value.

      I guess you could describe that as "What's the sound of one-hand clapping?" or "An inside joke of the nth degree". ;-) Entertainment aside, pf users and fans should note the pf syntax changes.

    2. Re:Got my CD in the mail a few days ago by butalearner · · Score: 2, Funny

      theocratic leader

      Yeah, he can really de ratchet up the abrasiveness when he wants to.

    3. Re:Got my CD in the mail a few days ago by jd · · Score: 2, Interesting

      I'm not sure that it has decreasing relevance. For something like a firewall or other networked appliance (where you don't actually have users logging on and interactively using it), OpenBSD is way ahead of the game. Auditing the kernel and securing that is actually a good strategy for such devices, whereas mandatory access controls would be more of a cycle-hog. For reasons I don't entirely understand - or agree with - the world is slowly moving away from desktops and towards appliance-based computing. Look at the rate Droid is accumulating apps, compared to the rate new stuff is being written for Linux.

      I do not know what the ideal security strategy is - I feel that it must involve components that are transparent to any part of the kernel the user or superuser can substantially interact with, because although you can prove a Security Kernel correct mathematically (it is one of the few OS components simple enough), this is useless if there is any means of either accessing the functions protected or re-implementing them, yet nobody likes re-designing implementations and call points are bound to be missed if code changes are required. This means that the security kernel has to act in a manner akin to dynamic probes and inject itself into modules without needing static insertion points. Security then just becomes a form of debug in step mode (continue until next probe, then pause the kernel thread) in which the debug data is analyzed automatically rather than by an engineer.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    4. Re:Got my CD in the mail a few days ago by yo_tuco · · Score: 2, Interesting

      "I'm planning on making this one into some sort of automatics control for the house (turn the lights on, report temperature, I don't know, a bunch of lame stuff like this)."

      OBSD has support for the 20 pin gpio header on a Soekris net4801 board out-of-the-box. With that you can easily make either digital or transistor switches to control things. The shell command is gpioctl which you may want to grab the source and mod it so it's not reading command line arguments and can be put in your code without an os system call depending how frequently you are reading/writing the pin states.

    5. Re:Got my CD in the mail a few days ago by Torino · · Score: 2

      It would just be nice if they extended their definition of security to be more than preemptive bug fixing.
      The article I linked to above is a good discussion of this. Given how they flat out reject MAC, and the reasons they give for doing so, it seems they know very little about actual security.

    6. Re:Got my CD in the mail a few days ago by eudaemon · · Score: 2, Funny

      Heh, glad I made you laugh. Why are there no slashdot meetups? Oh yeah, because that would require getting dressed and leaving the house.

    7. Re:Got my CD in the mail a few days ago by magellanic · · Score: 2, Insightful

      OpenBSD doesn't want to take over the world, see the project goals. This doesn't stop their work becoming used on a large scale, but this happens because of the software's features and technical superiority.

      On the other hand, many Linux advocates seem to be obsessed with the idea of world domination. I've seen these people choose Ubuntu for reinstall/upgrade jobs when their friends and family would genuinely be more comfortable, and better off, with Windows or OS X.

      Decide for yourself which is the more noble goal.

  4. Re:Bad timing... by baldusi · · Score: 4, Informative

    Be careful with the settings of the no-df bit in TCP fragments, which Linux NFS generates and expects, while PF rightly blocks when scrubbing. The PF FAQ is your friend there.

  5. Is GNU/Linux networking as poor as it was before? by lanner · · Score: 2, Informative

    When it came to things like OSPF, BGP, routing, filtering (pf failover) and that sort of networking things, Linux hasn't been the best (though queuing and protocols have had some innovations and dev work).

    Anyone have an opinion on this?

    For example, Zebra was basically abandoned (it sucked anyway), which now became quagga -- if I wanted a Cisco, I'd get a Cisco. Stop trying to make it a damn emulator.

    BGP? I don't even know if there is anything.

    iptables is cool, but it just doesn't have failover like pf has (I want people with real-world experience, don't tell me "it's supported" when it's crap.)

  6. Re:The Insecurity of OpenBSD by bhima · · Score: 4, Informative

    Oh come on now... The title is inflammatory and tone is combative. Unsurprisingly the discussion at the guy's blog degenerates pretty quickly.

    I don't really disagree with most of his central points: Secure by default isn't really useful to most people; OpenBSD needs more security features than older UNIX ones; and the OpenBSD team does themselves a huge disservice with their "not invented here" syndrome... But really the whole thing could have been written with a more professional tone and fostered a lot more constructive discussion.

    --
    Nothing in the world is more dangerous than sincere ignorance and conscientious stupidity.
  7. I love OpenBSD by lemur3 · · Score: 4, Informative

    I started using OpenBSD at version 2.7 after a few years using various versions of Redhat linux and Mandrake.

    I was hooked right away.. It was a lot of things. Maybe the first was the really easy installation process... In my opinion it still might be the simplest out there. There are the well-written man pages.. And the simple 'full' installation. It was easy to understand where everything was and it mostly stayed that way from release to release. The config files seemed easy to read and the firewall was really snazzy!

    They do some good work! I enjoy using it, even if all I am really doing is small scale hobby work.
     

  8. Re:The Insecurity of OpenBSD by Torino · · Score: 2, Interesting

    I don't think the title is inflammatory despite the fact it will inevitably be taken that way.

    He is talking about what prevents OpenBSD from being a secure system for the points you mention.

    I found the discussion on the blog quite interesting aside from the insults, which are a minority.

  9. What happened to the music? by Improv · · Score: 2, Interesting

    Used to be that the Plaid Tongued Devils provided a new song for every release - this is the first song I've seen by someone else.

    --
    For every problem, there is at least one solution that is simple, neat, and wrong.
  10. Re:The Insecurity of OpenBSD by rivaldufus · · Score: 4, Insightful

    Perhaps every Ubuntu release story should have a link to a site titled "The Unusability of Ubuntu." Seems fair, doesn't it? The article would necessarily have to be negative... title notwithstanding. Slashdot has turned seriously hostile to non-Linux open source operating systems. I'm not sure why. I've even heard people here use the classic, "nobody uses it, so it must be bad" argument - the same one Windows users make about Linux.

  11. Re:The Insecurity of OpenBSD by magellanic · · Score: 2, Interesting

    Maybe if the article had any real merit, instead of making stupid statements that aren't true.

    It's a shame the author's love affair with MAC can't help him write a decent article.

    I wonder how many installations of Linux have SELinux disabled because it broke something.

  12. "not invented here" syndrome by Anonymous Coward · · Score: 2, Interesting

    The things that are pioneered by OpenBSD, often make their way to everywhere else.
    So, ahem, it IS invented in OpenBSD.

  13. Re:The Insecurity of OpenBSD by magellanic · · Score: 2, Insightful

    The fact that the OS code is audited is nice, but can't protect against other insecure software. If you run postfix which isn't audited, and it has a hole and the attacker gets root, then there is nothing to stop them.

    Maybe I'm wrong, but if the mail server isn't crap it should give up root privileges as soon as possible. So, to get root you need to do two things.

    1) Exploit a bug in the mail server
    2) Exploit a bug in the operating system to gain root privileges

    If MAC is part of the operating system, and can therefore contain operating system bugs, how does it mitigate step 2? How does it mitigate it any more than an operating system without MAC?

    An example from a commenter on the blog is that he needed to prevent root from reading users' files. OpenBSD is almost the only OS left that can't meet this requirement.

    Are you serious? The root user has ultimate power by definition. That's been the case with *NIX for decades.
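The early privilege drop that comment 13 expects of a mail server, shown as an added example that is not part of the thread and not taken from any mail server's source. The target id 65534 and the function name `drop_privileges` are assumptions made for illustration.

```c
/* Added example: permanent privilege drop for a daemon started as root. */
#define _DEFAULT_SOURCE
#include <sys/types.h>
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <unistd.h>

/*
 * Give up root for good. Returns 0 once the process holds only uid/gid,
 * -1 on any failure (the caller should exit rather than keep running).
 */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) {       /* "dropping" to root is a bug */
        errno = EINVAL;
        return -1;
    }
    /* Order matters: supplementary groups, then gid, then uid. Once the
     * uid is gone the process may no longer change its groups. A process
     * that did not start as root cannot call setgroups() at all. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;

    /* Verify instead of trusting return codes: real and effective ids
     * must match the target, and regaining root must fail. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid ||
        setuid(0) == 0 || seteuid(0) == 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Assumed target: 65534 ("nobody" on many systems) when started as
     * root; otherwise the caller's own ids, which makes this a no-op. */
    uid_t uid = geteuid() == 0 ? 65534 : getuid();
    gid_t gid = geteuid() == 0 ? 65534 : getgid();

    /* A real daemon would bind its privileged port (25 for SMTP) here,
     * while still root, and only then drop. */
    if (drop_privileges(uid, gid) != 0) {
        perror("drop_privileges");
        return 1;
    }
    printf("running as uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return 0;
}
```

After a successful call, a bug in the server's request handling yields only the unprivileged account, which is the first of the two steps listed in the comment above.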

  14. Re:The Insecurity of OpenBSD by udippel · · Score: 2, Insightful

    While I consider your comment as 'Interesting', if not 'Insightful', I still can't approve of your

    This is the story Slashdot should have included to run.

    The story is about the release of the most recent OpenBSD, 4.7; its availability, funding, etc. The discussion about its 'lack of security' is surely of a very different nature.

    Having read the article mentioned by you (I saw 43 comments,?), I can only agree - and I knew that for long - that OpenBSD has no access control systems on top of the Unix-permissions. If they should be there, and how their lack renders OpenBSD less secure than Linux, is quite another topic. Actually, I was kind of disappointed when reading the article, because it focuses solely on access control to crack OpenBSD. So even the title was badly chosen: the article talks about a perceived 'lack of a security feature' or something to that behalf; not about an 'insecure' OS. And yes, there is a difference, and the article is clear about it: If, and only if, the system is broken into (already), can additional access controls eventually contain damage.

  15. Re:The Insecurity of OpenBSD by RockoTDF · · Score: 3, Funny

    It is Mac, not MAC. And while we are at it, it is pronounced OS ten, not OS ex. I find the two mistakes are highly correlated.

    --
    There is more to science than physics!

    www.iomalfunction.blogspot.com
  16. Nothing can beat Apple by Ilgaz · · Score: 2, Insightful

    IMHO if someone has a problem with OpenBSD community/leader, he should hang at Mac community/websites/mags and especially IRC channels for a while.

    I also think OpenBSD theocratic leader and hostile community could be the reason why OpenBSD has its unique and prestigious position today... We all heard how many users got banned for questioning inclusion of Mono to a "user friendly" Linux OS distro which has democratic leadership right?

    1. Re:Nothing can beat Apple by teknopurge · · Score: 3, Insightful

      The difference between the OpenBSD community and the Apple community is that the OpenBSD folks know what they are doing. I'm not trying to troll here, but Theo is an asshole, and the exact type of person that I want developing my kernel. His know-it-all attitude and demand for "not-created-here" things to gtfo led to the development of things like OpenSSH. I like the OpenBSD coding style and best-practices in addition to how they audit and analyze their code; more than any feature this is paramount in selecting software for us.

      OpenBSD has fewer kernel panics than 2.6.xx.xx and for network tasks has better performance for us.

      Again, kudos to the OpenBSD team for another release.

  17. Re:The Insecurity of OpenBSD by Lunix+Nutcase · · Score: 2, Interesting

    Most of us have been reading slashdot long enough that "several times a year" qualifies as sufficiently regular.

    And yet going back even farther to more than 6 months I've yet to see a single one of those supposed articles that criticize Linux security. Care to actually link to even a single article that isn't more than a year old?

  18. Re:The Insecurity of OpenBSD by drsmithy · · Score: 2, Interesting

    I wonder how many installations of Linux have SELinux disabled because it broke something.

    The overwhelming majority, in my experience.

  19. Re:The Insecurity of OpenBSD by magellanic · · Score: 2, Insightful

    The mailserver is just an example. There is plenty of insecure software running as root.

    FTFY

    MAC cannot prevent the exploit as such, but it can make the attacker completely limitless. You can take away execute permission, write permission (allowing just append), no file creation, absolutely nothing except the very minimal that the program actually needs.

    This sounds a lot like what securelevel(7) already does.

    There is absolutely no reason to have a user with absolute power when we have the technology to segregate power and duties, thereby significantly reducing the attack surface.

    There is absolutely no reason to put up walls so the sysadmin can't do anything, rather than fix the bugs that let an attacker gain root in the first place.

  20. Re:About your link shortener by rubycodez · · Score: 2

    so I didn't want to use my bandwidth for my fun and used a free hosting service instead for my photo, big deal. It'll be accessible for at least a year. And even then by context anyone can deduce my point that OpenBSD runs GNOME and Conky with effects just dandily, even on laptops.

    the concerns of that "link shortener" article are laughable. Author is warning of a doomsday when archives of posts from Twitter and other social networking sites become a tangled pile of broken links because of "short URL use" (or more to the point, because of use of free file hosting).

    All the while forgetting that Twitter and such are driven by twits and twats who post the most inane and useless offal. In short, article is fretting about useless spew of garbage becoming more useless. Let the shit bit-rot.

  21. Re:I can't actually get anything done on OpenBSD. by agrounds · · Score: 3, Insightful

    Uhm... Yeah.

    Why use a cheap arm toaster that can be set up in 5 minutes when you can give CISCO a few thousand dollars for a piece of shit?

    Because that toaster doesn't provide real support and next-day RMA service. You might work in a small shop, but for people who run multiple datacenters, 100s or 1000s of network devices, and whose jobs rely on uptime this is a no-brainer. I'll take the appliance with the service guarantee, replacements, and track record over a few Dells with *nix running on them.

    You are not allowed to replace a $10000 router with a $100 redundant array of consumer hardware because it would make your boss look bad.

    I can see why you posted AC. You're out of your depth. Cisco may churn out some real crapware ancillary platforms sometimes, but when it comes to core routing and switching on the big chassis, they're pretty damned reliable.