OpenBSD Marches Toward 5.0 Release
badger.foo writes "OpenBSD-current just turned 5.0-beta, providing us a preview of what the upcoming release (slated for November 1st) will look like. Peter Hansteen takes us through the main new features and explains the development process that has consistently turned out high-quality releases on time, every six months for more than a decade."
*Post that makes a joke about the Firefox release schedule*
If it wasn't for the fact that most System Administrators are more comfortable with Linux or Windows (and many of the new ones are not too willing to expand that much on the command line), I would have all my servers running OpenBSD. You get it set up to do the job you want and let it work.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
He's "De Raadtical"!
That's why I use it! No one can piss all over a party on the listserv like Theo!
"Flyin' in just a sweet place,
Never been known to fail..."
Disclaimer: I use OpenBSD for hosting mission critical financially sensitive servers.
Sent from my ASR33 using ASCII
OpenBSD 5.0 will be released in November.
Twice a year releases mean that we knew this back in 1996.
And 5.0 will be just as much a major release as 4.9 was.
Disclaimer: I use OpenBSD for hosting mission critical financially sensitive servers.
Really? I'd use something more secure.
Oh, I know Theo likes to keep telling everyone how secure OpenBSD is, but every time anyone does discover an exploit in it he's quick to point out some ingenious way in which it doesn't really count. He's like that one kid that everyone knew at school who would just not accept that he was "it" when you were playing tag - always some bullshit made-up-on-the-spot rule why tagging him didn't count.
Don't be that kid. That kid is a dick.
when did this happen?
Lennart Poettering is a completely delusional shithead by the way. You can watch this video to get a taste. Yes, he's the loudmouth asshole in the crowd making ridiculous statements and begging for attention. He should probably have another drink.
Yes. I also reported a nice panic some years ago and it did not get mentioned anywhere. I did not get even "thanks" for investing time to find the critical bug. It was fixed silently. The "remote hole statistics" on the web site are shit. But you still cannot deny the fact that they actually pay attention to security problems. Who cares about this marketing stuff? Grow up.
erm, but he's right. The speaker did not have real knowledge about the things he was speaking on.
If your hardware is older, OpenBSD is a safer environment - if your CPU does not implement the NX bit, OpenBSD manages the same functionality with W^X. Many other memory-handling features make the system safer (malloc with mmap, rather than sbrk, for example), although there can be a performance penalty.
OpenBSD implements privilege separation in many of the daemons of the base system (ftpd, dhcpd, ntpd, sshd), so you can trust them more.
OpenBSD's alternate daemons for well-known protocols (ntpd, smtpd) give you some "security through obscurity," and you also gain flexibility.
There are also custom patches for well-known servers to improve security (apache chroot).
In a number of ways, OpenBSD is the "Reference UNIX Security implementation." Come see why.
for the last couple years, http://www.openbsd.org/i386.html#hardware very good, works with all the wireless and USB devices I've plugged into it including cameras, several types of wireless ethernet, usb to serial. Yes, it works on my Toshiba and Thinkpad laptops with all video and sound ok, admittedly as one of two alternate partitions for grand occasions with windows xp, and not my main Linux one. A lot of the recent device additions of that is due to NetBSD and FreeBSD, the BSD license is great for spreading the device love around.
Sweet! Does it ship with Pulse Audio?
Some things that annoyed the hell out of me:
1. First install it wouldn't boot. Seems it didn't save the partitions correctly, so tried again. This time it booted.
2. Home and end keys don't send you to the end or beginning of the command line you're on. Mac also does this. It annoys the hell out of me. One thing windows and linux got right.
3. It comes with vi by default but trying to install vim was a hassle. And once you get it installed, it's not used by default. Instead you gotta create an alias on your shell login script. But even then I could not get that working. On linux, when you install vim, it replaces vi. If I use the command vi after I install vim, it'll use vim. On bsd it keeps both, leading to frustrations.
4. You need to install openssh server after and then go through hoops to allow users to login.
This really did remind me of linux back in 1995. It's archaic and you must remember workarounds. How hard is it to make these modifications be part of the standard install? Why weren't they done a long time ago? I'm sure if you started making stuff as "easy" as linux, you'll attract more users. But from trying it myself, I can see why it's used by so few people.
erm, but he's right. The speaker did not have real knowledge about the things he was speaking on.
I wouldn't know about the technical points. I'm talking about his cringeworthy attitude about himself and foss that is further revealed as the trainwreck of a talk continues. Lennart claims (paraphrasing):
1. "It's okay if free software is shit, because it's free! Stop complaining!" As if the quality of a program is somehow related to its monetary cost for a copy. Talk about an inferiority complex. You need developers and contributors with actual pride in their work and who care if this foss thing is going to get to the next level. A shitty program is a shitty program, regardless of how much money it did or didn't take to create. Criticism of LibreOffice usability is just as valid as criticism of MS Office usability unless you feel one is inherently inferior because of some external psychological issue you have (again, inferiority complex).
2. "It's totally unreasonable to expect information on project websites to be accurate, informative, helpful, or up to date! Users should have to go looking for developers and ask them their support/usage questions directly!" This is obviously just fucking stupid on a thousand different levels. No need to comment further.
What a stupid way to count users.
However there are many people who try to seem smarter than they are, and they might deserve to be made fun of.
Leaving aside the moral debate of when a person deserves mistreatment, what is the value of abusively mocking someone in a public forum? It does not raise the level of discourse to something productive. At the least it's a kind of friction and so energy goes out the window as a kind of heat loss. Maybe it's a kind of turbulence that amplifies the original wobble of stupidity rather than smoothing things back into a laminar flow. Maybe it promotes a culture of antagonism, resulting in rampant friction and turbulence throughout, even in areas where there's small and meaningful/useful disagreement.
From what I can tell, it's an emotionally underdeveloped way of giving in to one's anger urges rather than a well-considered method for advancing discussion and making progress. You could say it retards progress. There are other, more sophisticated, and actually beneficial ways for handling disagreement and coping with people who are patently wrong.
but did you ever figure out why virtualization is a bad hack to prop up crappy software?
Poettering:
"You're not welcome to complain if it's free"
On how the speaker got feedback from various mailing lists/communities:
Poettering: "You didn't ask the right people...next time just ask me, thank you very much."
Poettering:
"I'm sorry your mindset from the 1970s unix is not up-to-date anymore...*booos*...I see, lots of UNIX lovers here...*cheers*"
Speaker:
(after talking about hald)
Poettering: "Ok, hald has been deprecated for 2 years, not my fault people still use it."
speaker: Yes, but it's got these limitations, we should get rid of it, do you agree?
Poettering: No, when we designed it it was great, it did all these things that could never be done before
speaker: but it never worked
Poettering: you're doing it wrong, it worked great.
The guy interrupted the speaker for the entire talk and then got up on stage after him and took the mic. What an asshole. Completely regardless of whether or not you disagree with the speaker, it's just plain rude to interrupt a talk like that.
http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1703
Read the timeline. Happy to help.
2007-02-20: First notification sent by Core.
2007-02-20: Acknowledgement of first notification received from the OpenBSD team.
2007-02-21: Core sends draft advisory and proof of concept code that demonstrates remote kernel panic.
2007-02-26: OpenBSD team develops a fix and commits it to the HEAD branch of source tree.
2007-02-26: OpenBSD team communicates that the issue is specific to OpenBSD. OpenBSD no longer uses the term "vulnerability" when referring to bugs that lead to a remote denial of service attack, as opposed to bugs that lead to remote control of vulnerable systems to avoid oversimplifying ("pablumfication") the use of the term.
2007-02-26: Core email sent to OpenBSD team explaining that Core considers a remote denial of service a security issue and therefore does use the term "vulnerability" to refer to it and that although remote code execution could not be proved in this specific case, the possibility should not be discarded. Core requests details about the bug and if possible an analysis of why the OpenBSD team may or may not consider the bug exploitable for remote code execution.
2007-02-28: OpenBSD team indicates that the bug results in corruption of mbuf chains and that only IPv6 code uses that mbuf code, there is no user data in the mbuf header fields that become corrupted and it would be surprising to be able to run arbitrary code using a bug so deep in the mbuf code. The bug simply leads to corruption of the mbuf chain.
2007-03-05: Core develops proof of concept code that demonstrates remote code execution in the kernel context by exploiting the mbuf overflow.
2007-03-05: OpenBSD team notified of PoC availability.
2007-03-07: OpenBSD team commits fix to OpenBSD 4.0 and 3.9 source tree branches and releases a "reliability fix" notice on the project's website.
2007-03-08: Core sends final draft advisory to OpenBSD requesting comments and official vendor fix/patch information.
2007-03-09: OpenBSD team changes notice on the project's website to "security fix" and indicates that Core's advisory should reflect the requirement of IPv6 connectivity for a successful attack from outside of the local network.
2007-03-12: Advisory updates with fix and workaround information and with IPv6 connectivity comments from OpenBSD team. The "vendors contacted" section of the advisory is adjusted to reflect more accurately the nature of the communications with the OpenBSD team regarding this issue.
2007-03-12: Workaround recommendations revisited. It is not yet conclusive that the "scrub in inet6" directive will prevent exploitation. It effectively stops the bug from triggering according to Core's tests but OpenBSD's source code inspection does not provide a clear understanding of why that happens. It could just be that the attack traffic is malformed in some other way that is not meaningful for exploiting the vulnerability (an error in the exploit code rather than an effective workaround?). The "scrub" workaround recommendation is removed from the advisory as precaution.
2007-03-13: Core releases this advisory.
Only 17 days to admit that it was a security vulnerability. If their OS is as hard to penetrate as their egos, I'd bet that it would be the most secure OS.
technical skill != social skill
The lack of professionalism you perceive is a lack of social skills. By some definitions professionalism combines both social and technical skills. But technical brilliance and the ability to write good documentation can exist without interacting with people in a pleasant way. What they apparently lack in one aspect of professionalism they have in abundance in another aspect.
I've never used OpenBSD and haven't had first-hand experience with that community. But the "I am very easy to get along with, but I don't have time to waste being nice to people who are being stupid" mentality (this is supposedly something Theo de Raadt said) was prevalent among IBM mainframe systems programmers when I started working in that environment in the 1980's: very good on a technical level, but rude and difficult to work with unless you had proven that you think for yourself in a way they can appreciate. And once they accepted you they actually were much easier to get along with, but you really had to prove yourself first.
Having no patience with people who distract you from the things you want to put your energy in is functional. It enables you to focus. Not putting too much energy in social skills may be a way to achieve brilliance on a technical level. While that may result in not so nice behaviour on a social level, I have difficulty thinking of that as unprofessional. It can be professional for a technical specialist whose main focus is on making a good product. It would be unprofessional for a salesperson.
It's not how I approach things, but I think it has its place.
Jack: What if the applicant wants to discuss virtualization?
Theo: Hurl abuses at him, hit him with the broom, and then threaten to get a shovel.