Slashdot Mirror

← Back to Stories (view on slashdot.org)

OpenBSD 4.8 Released

Posted by Soulskill on from the new-and-shiny dept.

Mortimer.CA writes "The release of OpenBSD 4.8 has been announced. Highlights include ACPI suspend/resume, better hardware support, OpenBGPD/OpenOSPFD/routing daemon improvements, inclusion of OpenSSH 5.5, etc. Nothing revolutionary, just the usual steady improving of the system. A detailed ChangeLog is available, as usual. Work, of course, has already started on the next release, which should be ready in May, according to the steady six-month release cycle."

5 of 176 comments (clear)

  1. Re:fdisk by ashkar · · Score: 4, Insightful

    Their targeted users have no problem with the installation. If you aren't comfortable with the installation tools, you probably wouldn't be comfortable with OpenBSD. A pretty installation method is looking for a solution to a problem that doesn't exist.

  2. OSNews? Thom Holwerda? Seriously? by Anonymous Coward · · Score: 4, Insightful

    You're taking some random blog article linked to by Thom Holwerda at OSNews seriously? Those are your three strikes, and you're out, my friend.

    Look, the OpenBSD team knows exactly what they're doing. They're some of the brightest minds in the field. They have many years of experience with real-world security. They've been around long enough to know that there are something things that sound totally fantastic in theory, but in practice they're a complete failure.

    Many advanced security approaches fall directly into this theoretically-great-but-actually-quite-shitty category. They end up being difficult to implement, and end up being full of security flaws and other holes. They end up causing the very things they're supposed to avoid! Thankfully, the OpenBSD developers know this, and smartly stick with a model that's been proven successful over the couse of 40 years.

    1. Re:OSNews? Thom Holwerda? Seriously? by machine321 · · Score: 5, Insightful

      The point of the article is that while the base system may indeed be very secure, it is practically useless.

      1998 called, they want their rationalization back. Besides, just about everyone turns off SELinux when they want to actually get work done.

      Is lighttpd any more secure on OpenBSD than on Linux? No.

      Good thing they have an audited, privsep, chrooted version of Apache, then.

      With SELinux, you need not only a local privilege escalation, but a hole in SELinux as well.

      Bullshit.

      I would argue that OpenBSD may be secure by design, but SELinux is, in practice, more secure.

      Adding complexity rarely increases reliability.

      I would be absolutely ecstatic if OpenBSD implemented something more like SELinux in terms of privilege separation.

      The Stephanie project worked towards doing just that, but it appears the project died several years ago.

  3. Re:fdisk by Anonymous Coward · · Score: 5, Insightful

    I've only installed OpenBSD twice, both successfully, but their fdsik version was very nice.

    Different from Microsoft and Linux fdisk programs? Yes! Because you're not running/installing neither Windows nor Linux. Neither of these are identical systems.

    The OpenBSD fdisk is quite possibly better, and without a doubt far better documented, and not just in the excellent up to date man pages but also in official faq's and installation procedures available on the OpenBSD webpages. Stuff one should read.

    Who would read/read on Microsoft information when installing Linux?
    Who would read/rely on Solaris information when installing Windows?
    Who would read/rely on Linux information when installing OpenBSD?

    If you're having trouble with OpenBSD fdisk or more likely OpenBSD installation peculiarities and requirements that other operating systems either don't have or gloss over then I would recommend reading the OpenBSD documentation, it's all there, yes the issues that can trap someone entirely new too, usually even emphasized.

    A Windows poweruser or superuser can be and often is a total newbie on Linux.
    A Linux poweruser or superuser can be and often is a total newbie on OpenBSD.

    Don't assume different things to be the same.

  4. Re:Have they decided to implement security yet? by DiegoBravo · · Score: 3, Insightful

    From the article, about a "secure operating system":

    > Generally, this would be taken to mean an operating system that was designed with security in mind, and provides various methods and tools to implement security polices and limits on the system.

    Sadly most naive users still believe that security is about setting fine grained permissions, roles, resources and tagging system objects in general. In practice 1) security exploits simply bypass or reconfigure such validations or policies for their own purpose, and 2) getting a really good "fine grained" configuration and reconfiguration is pretty difficult, time consuming, and prone to error (i.e. to increase the vulnerability.)