OpenBSD 5.2 Released
An anonymous reader writes "OpenBSD 5.2 has been released and is available for download. One of the most significant changes in this release is the replacement of the user-level uthreads by kernel-level rthreads, allowing multithreaded programs to utilize multiple CPUs/cores."
Three of us you insensitive clod!
More seriously, I don't have a problem with how Theo treats people. In fact it's quite funny.
Yeah, Netcraft confirms it is dying, yadda, yadda, yadda, etc... Linus said they were masturbating monkeys, the 1990s called, and they want their rthreads back, etc... etc...
Seriously, folks, if you haven't tried OpenBSD before, give it a spin, you might like it. Sure, it ain't no penguin, but that nice pointy fish is stable, solid, secure and quite a nice little beast to work with. I have had nothing but good experiences with that OS.
Just my US$ 0.02.
The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
Users are the worst security threat around.
http://michaelsmith.id.au
Everyone can learn from that real world-class asshole... he totally dissed a friend of mine in a semi-professional environment, and I figure that a man *that* amazingly, butt-clenchingly unprofessional is just not worth the time of day. To hell with them.
Well guess that makes me number four. I use an old SGI O2 as light www duty. It's a small secure OS that comes with a bare minimum of bloat. What's not to like about that? I don't care what attitude Theo has, I've never met him. To the average person on the street RMS speaking would resemble a crazy homeless person.
Only the State obtains its revenue by coercion. - Murray Rothbard
Outside of homeless I am pretty sure most people would consider RMS crazy, most zealots are.
Get your PostgreSQL here: http://www.commandprompt.com/
i used to use it a lot
it doesn't have much going for it, in the scheme of modern unix-like operating systems.. it's a bit of an underdog. it doesn't have fancy high-performance schedulers, its io layer is slow.. it's missing drivers for lots of commodity hardware, some of them because of principles.. theo is an asshole sometimes, with his constant 'i'm always right and you're always an idiot' thing.. but..
for one, the documentation is beautiful. whoever maintains the documentation should get a medal. there are few typos, everything has a man page, and every man page has EXAMPLES and is easy to understand. better than any other operating system out there. and that's a big plus: if you try any linux distribution and find an unfamiliar file in /etc, you have a 50/50 shot of it being documented properly. with openbsd, it's guaranteed
because their entire mission is based on thorough auditing, they make sure their code is very well documented and easy to understand. that's a big bonus too. modifying and developing on openbsd, as a platform, is a very nice experience
openssh is a very beautifully written piece of software. it's nice to use, and it's nice to read the source code. when is the last time it gave you any problems? openbsd is an entire operating system written with the same standards.
give it a try if you haven't, it won't hurt you.. virtual machines don't cost anything..
If Theo hadn't systematically pissed off everyone in large corporations that he's come in contact with, they might have written some drivers.
Linus is pragmatic, manages a team of experts well and so the corporations are happy to work with him.
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
RMS is amazingly useful that way.
Standing next to him, all sorts of people look sane. Get enough like-minded people together, Open Source might even start to seem (gasp!) normal.
I believe that the flow of digital information will shape the human landscape as powerfully and inexorably as water carves continents.
Those who advocate genocide deserve every protection afforded by law, and none afforded by common human decency.
NetBSD people are not famous for pissing anyone off, but that did not cause manufacturers to write drivers for them.
True. The difference is that if a NetBSD developer emailed me to ask about using RdRand in the kernel (A thing I would know about) I would happily enter into a technical discussion and help them out. If Theo emailed, I would have to refer the email to the lawyers.
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
Have you looked at the power usage of that thing recently? It's a 15 year old system that has less processing power than my cellphone & probably draws a few hundred watts with minimal power saving features. It's probably costing you $10-15/month to run that beast - how long would it take for a modern, low-power ARM or Atom box to pay itself off?
my sig's at the bottom of the page.
Who the hell cares about how Theo treats other people?
Did Steve Jobs piss people off? Did he not treat other people like shit on numerous occasions?
Yet people still lust after Apple products.
You buy/use the product for the sake of the product.
I can set up my OpenBSD server and forget about it for a year, with almost a guarantee that it hasn't been hacked.
That's why I use OpenBSD.
And if Theo is an asshole then Steve Jobs was a much bigger one.
There are two replies to this:
1) OpenBSD supports tons of hardware. Click on one of the supported platforms. The first thing you'll notice is OpenBSD runs on more than x86. Second, click through. You have to work hard to find a class of hardware that doesn't have some support. Most mainstream hardware is supported with many vendors to select from. When you do find missing hardware it's due to point 2 below.
2) There may be some truth to the claim that Theo has pissed-off some vendors but it plays a small part. A more significant reason there aren't tons of corporate drivers for OpenBSD is the OpenBSD community won't accept any undocumented code (settings that use magic numbers), binary blobs (other than micro code or firmware) and won't sign NDAs to get the info. For code to go in the base it also has to be licensed under a BSD or ISC license.[1]
Many vendors want us to buy their hardware and trust their giant binary blob won't crash our systems. That's their call. Refusing to buy their hardware is ours.
Because of Theo's and the developers' stand against binary blobs OpenBSD base is one of the freest OSs you'll find. If that means a few missing drivers then so be it. Our systems run fine without them.
[1] The only GPL licensed code in base I can think of is gcc.
Question...as someone who has never made a *BSD firewall, what makes it better to go that way as opposed to buying a Sonicwall or Cisco? What features are worth the extra expense required to use a computer as a firewall, VS just using a prebuilt ARM one?
As someone who has never homebuilt a firewall I'm curious, is it just because you want to save some old hardware? I've got an old Sempron I use as a nettop so I know that feeling, but is there more to it than that?
ACs don't waste your time replying, your posts are never seen by me.
there comes a point when your ideology conflicts with what you need to get done. When that happens, is it better to just dump the machine entirely and not do whatever it is you need to do? ...or, suck it up and deal with some insecurity?
How would your situation be different if the emailer was a NetBSD developer? You either divulge something your company doesn't want you to divulge or you don't. The way the information is asked has little relevance to the way it is handled once codified under the BSD license.
I heard they JUST got ACPI S3/SUSPEND working... only on x86 (not AMD64) and with a lot of footnotes and exceptions. Sign me up!
I used OpenBSD as my primary desktop for a good number of years, but I wouldn't recommend it. That was back when Linux was a mess, too, so OpenBSD being a bit *more broken* didn't look so bad. Unsupported hardware was a big one... Ported software being ancient as all hell and much of it broken, was a big one, too. It's still a good choice for a firewall (please god kill iptables already, and get PF fully functional on Linux!), but I'm not so sure about that if WiFi is involved, and it's fallen farther and farther behind over the years, to the point it's hard to recommend for much of anything.
On the plus side, my years of fighting with OpenBSD taught me a lot... The crufty old system and out-dated GCC versions made porting open source programs to proprietary Unices a breeze. The init scripts and overall boot process were/are much easier to learn and understand than anything else. OpenSSH, PF, mksh, and other code to come out of OpenBSD is great, and immensely useful on other platforms.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
I'd equate it to the difference between being a Windows Admin, and a Unix Admin... The two are worlds apart.
First off, PF syntax is heaven compared to all else. Linux's IPTables syntax is an utter nightmare. Cisco's NAT and ACL syntax is ugly, very limited, so abstracted in syntax and terminology from what it's really doing that it can be impossible to understand without a book of Cisco's own reference material, etc. Juniper's Netscreens are even worse. If anyone tells you otherwise, start asking a few questions about setting-up multi-homed internet service, multicast routing, or trying to determine whether/why a certain connection is being rejected by that 2,000-line ACL rule-set (or failing somewhere else). And this black-box isn't an issue of amateurs who just don't read enough... There really aren't any publications detailing more complex use-cases, and I've exchanged many words with Cisco support managers after multiple level-2 technicians put in explicit writing that some specific multihoming scenarios were NOT POSSIBLE on their gear, only to try it out and find it does, in-fact, work exactly as it should.
This isn't something you're likely to hear network admins complain about, because using something better like OpenBSD is never an option they've had, and they know they MUST learn the insane ways of Cisco, to be able to support routers, switches, etc., anyhow.
PF's syntax for ACLs and NAT is dead simple, and as flexible as it can get. What's more, you edit it locally, with your choice of text editor, can syntax check it with a short command, and atomically apply it with all changes (no down-time at all). You've also got unlimited options for commenting it as you choose, making backups, generating it from some dynamic system, including dynamic lists of IPs in a rule that are added/removed by, say, a mail server tracking spammers, or having entire rulesets that are applied only when someone SSHes in to the box, to allow specific services or whatever you want. These are things that network admins DO bemoan on a continual basis... Some network software won't let you insert ACL rules above others (line editing), instead requiring erasing everything below where you want it, then inserting the ACL, then restoring the previous. Others may allow line-editing, but only for permit/deny rules, tossing-out the option of using remarks to properly comment your ACLs.
Network monitoring, debugging, and packet tracing are unimaginably easier. You can run tcpdump, pktstat, or any other utilities RIGHT ON YOUR FIREWALL, telling you EXACTLY what's happening, and where. Easy to filter down to what you want to see, yet can be focused to the point giving you complete packet headers and payloads if you so desire. Cisco pretty recently saw that omitting this functionality can make certain scenarios absolutely impossible to get through, and ASAs now allow generating a pcap/tcpdump/wireshark file, but it must be transferred off to a real computer for analysis in delayed, non-real time.
Anybody using a firewall "appliance" is PROBABLY also using a Unix box to support it in real-time as well... On either side of that ASA / Sonicwall / etc. is a switch configured for "port mirroring", to duplicate ALL that traffic to a Linux box, running SNORT and probably lots of other software, too. That Linux box getting copies of traffic still only provides a modicum of the monitoring, debugging, and reporting options that running your firewall on an actual, full-fledged Unix system can provide, but at least it makes a network admin's difficult job even POSSIBLE to do.
While home "routers" really aren't in the same class, there are MANY reasons you'd want something GOO
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
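The workflow described in the comment above (a commented, locally edited ruleset, a dynamic table of addresses, a syntax check and a one-step load), shown as an added example that is not part of the original comment. The interface names, addresses, table name and mail server are constructed for illustration.

```conf
# /etc/pf.conf -- constructed example; em0/em1 and all addresses are assumptions
ext_if     = "em0"                  # internet-facing interface
int_if     = "em1"                  # LAN interface
lan_net    = "192.168.10.0/24"
mail_srv   = "192.168.10.25"        # internal mail server
mail_ports = "{ smtp, submission }"

# Dynamic list: addresses are added and removed at run time without
# reloading the ruleset, e.g. by a mail server's spam tracker:
#   pfctl -t spammers -T add 203.0.113.25
#   pfctl -t spammers -T delete 203.0.113.25
#   pfctl -t spammers -T show
table <spammers> persist

set skip on lo                      # never filter loopback

# NAT for the LAN behind the external address
match out on $ext_if inet from $lan_net nat-to ($ext_if)

# Default deny, then open only what is needed
block return
antispoof quick for $int_if
block in quick on $ext_if from <spammers>

pass out                            # rules keep state by default
pass in on $int_if from $lan_net
pass in on $ext_if inet proto tcp to ($ext_if) port ssh
pass in on $ext_if inet proto tcp to ($ext_if) port $mail_ports rdr-to $mail_srv

# Per-user rules loaded by authpf(8) while that user's SSH session is open
anchor "authpf/*"

# Check, then load:
#   pfctl -nf /etc/pf.conf          # parse only, nothing is loaded
#   pfctl -f  /etc/pf.conf          # replace the running ruleset
```

A syntax error reported by `pfctl -nf` leaves the running ruleset untouched, which is what makes editing a remote firewall this way low-risk.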
Isn't Juniper's OS BSD based? All BSDs, from what I understand, use PF, and so even if an OS uses something like FreeBSD or NetBSD instead of OpenBSD as its base, whatever it used for the IP filtering would be based on PF, wouldn't it? Or are there IPTables versions on BSD as well?
Also, how is OpenBSD better than other FreeBSD based distros, such as pFsense and m0n0wall, which are aimed solely at being firewalls, unlike OpenBSD, which is more of a general purpose BSD - good for servers AND firewalls. Also, how does OpenBSD's routing compare to that of either m0n0wall or pFsense - particularly for IPv6?
Which file systems does OBSD come w/? UFS? XFS? VFS? BRTFS? Which ones?
BSDs have their advantages over Linux, but portability ain't one of them, given that Linux has been ported to far more platforms than NetBSD. If you want a BSD like OS for your toaster, or some embedded product, why not go w/ Minix 3.2, which is NetBSD userland over Minix microkernel?
How is FreeBSD? Do they have tons of more drivers?
On another note, why don't they include a port for the Itanium? FBSD has had it for a while, NBSD just introduced it in 6.0, so OBSD too could add that port. They could certainly have more penetration for something like that.
"I heard they JUST got ACPI S3/SUSPEND working."
Hopefully Linux will catch up some day.
Yes, including some contributed by vendors. For example, we approved a commit bit a few months ago for another person on Intel's network driver team. That said, being polite to companies doesn't really get drivers written. They don't care about us, they care about their customers. When Yahoo says to Intel 'we're buying 10,000 new machines this month and they're all going to be running FreeBSD, what network interface would you suggest?' then they suddenly start thinking that getting good FreeBSD drivers is worthwhile.
I am TheRaven on Soylent News
Linux ACPI s3/suspend has worked on most of the systems I've run across for several years now, including the system I'm typing on, where I use it extensively. There are bugs, which don't get the priority they should, but in any case, you should expect OpenBSD will have to labor for another decade just to reach parity with the Linux ACPI support of TODAY... Not an exciting prospect.
Missing suspend/resume was one of several major reasons I switched from several years of OpenBSD usage, to FreeBSD, and then several more years later, from FreeBSD to Linux, though I'm really not sure if I gained much in that last step...
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
Ext2 (Write) support was absolutely piss-poor the last time I tried it (a couple years ago), and unsuitable for writing backups to.
In general, it's all UFS with softupdates, or tar.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
If you look at open source operating systems which have stagnated or failed it's invariably because leadership or politics have stifled innovation.
Abusive asshole creates (copies?) a closed system, expensive, mobile phone - world wide hero
http://www.awfullybigmoustache.com
...if only ACPI suspend/resume worked well.
Linux gets it right, why can't the BSDs? Actually, I haven't tried it with NetBSD, maybe I will.
Knowledge is power; knowledge shared is power lost.
I use an old SGI O2 as light www duty. It's a small secure OS that comes with a bare minimum of bloat. What's not to like about that?
So, no buttonfly then?
SJW n. One who posts facts.
...film at 11.
We all know that. But do not confuse "the man" with "the OS". Theo probably maintains less control over OpenBSD than Linus does over Linux (a lot of what he does involves maintaining the project's resources and logistics so that the developers can get on with their work rather than dealing with hardware and sysadmin stuff). Yes, he's the founder & leader of the project, but OpenBSD developers are amazing and could easily continue the project without him if required (not that that's at all likely to happen any time soon). Corporations would kill to have this consistent level of developer talent.
Which is why I've been using OpenBSD for 15 years for critical systems, and have no plans to change that.
Do you know whether Yahoo! is still largely hosted on FreeBSD? I worked there at the very end of the 90's, and it was all FreeBSD - even the developer desktop machines ran it. It was my first exposure to FreeBSD, having used NetBSD and Linux before that.
Yes. And they still employ quite a few FreeBSD developers. Apparently they just finished another failed attempt to migrate to Linux.
I am TheRaven on Soylent News
Primarily price and/or personal experience. I'm unsure what products you are buying, but with a true Cisco/iOS product you're typically going to have to buy used to get anywhere near the price point of rolling your own. So if you don't have the funds or, for whatever reason, you are already familiar with *BSD/PF, rolling your own router can be a very attractive option. That being said, very few people regret buying a Cisco product.
Any modern car you will buy will get better mileage than a '57 Chevy. I'd still love to own and drive a '57 Chevy.
How many critical OS X flaws needing patches?
I don't know. You tell me.
Call me user #5 then.
I have an old Athlon beige box I use as whatever I need. It's my backup desktop (in case both my laptop and primary desktop fail), so it's got a light WM (WindowMaker), OpenOffice (plus Abiword for *most* word processing), and so on. It's a Samba file share, storing backups of my more important files (and my porn). It's a retrogaming system, with ZSNES and a metric fuckton of ROMs.
Most importantly, it's a disposable server for whatever I feel like messing around with. I want to learn how to use PostgreSQL? Install it. Mess with it. Learn it. Repeat for pretty much whatever I want - there are surprisingly few server applications that haven't been ported to BSD.
Yeah, there's nothing it does that Linux doesn't, or couldn't. But I've taken a liking to OpenBSD, for some reason.
I think it's because the default installation has NOTHING. If you install from CD and pick every module, you get ksh, X11 with FVWM, and gcc. That's really it. Having to pick nearly every user-level program you install may be a bit tedious, but it gives me a feeling of more control.
One of the reasons I like OpenBSD is the developers are very forthright about why things can't or won't work. Reading the misc@ mail list is a great way to learn about the issues they face trying to get documentation. There are non-trivial issues with both acpi and efi. The developers reverse engineer what they can.
Instead of asking "Why doesn't OpenBSD have better support for $hardware?" we should be asking "Why don't vendors post more public information about their hardware?"
Anyone who grew up in the 70s and 80s buying electronics probably has very distinct memories of getting schematics and diagrams with their new products (or could order them cheaply). My first cw-band radio came with a full electrical schematic. Now, it's a crap shoot. Some of the blame lies with the industry as a whole. Much lies with the USPTO, or more precisely, the laws governing patentability and duration of patents.
The industry is to blame because it's easier not to. Even if a retail vendor wanted to release good doc, sub-component vendors may refuse to allow them. Why? In part to protect themselves from copycats. In part to protect themselves from patent lawsuits.
Patents are another aspect of the not-so-secret problem. They're all violating somebody's patent on something (at least in the eyes of the patent holder). Whether it's in the fabrication process, a "method" of calculating or who knows what, someone has a claim. The more a company exposes about the inner workings of their devices the more information patent trolls and competitors have for pursuing license (revenue) agreements. The smartphone patent war we're seeing played out in the courts is one example of the problem.
Yet another aspect of the problem is self-serving vendor "standards". EFI began as an Intel initiative. Intel later handed control of the spec over to the UEFI Forum, a non-profit corporation. The goal of EFI isn't so much to fix BIOS as to further vendor interests, whether to protect their "IP" or lock customers into using their devices in vendor "approved" ways.
Contrast that to Open Firmware (OpenBoot) which began as a Sun initiative and later became an IEEE standard. Or LinuxBios (now coreboot) which is an open source replacement for both BIOS and EFI. Coreboot has made some progress but it requires vendor participation to make critical details available for implementation. You can guess how well that's going.
If the OpenBSD project were willing to sign NDAs and/or accept binary blobs there would be better support of technologies like suspend/sleep. But they're not willing to do so. Rather they work with vendors who are willing to share details, reverse engineer where possible and do without when neither option is available.
Predictable behavior and high-quality manufacturing, too.
If Theo hadn't systematically pissed off everyone in large corporations that he's come in contact with, they might have written some drivers.
But he doesn't even want those corporations to write those drivers, he just wants the documentation so he (and other devs) can do it themselves.
They tried the migrations because management has heard about this Linux thing and thinks it's cool. They failed, because they have invested a lot in customising FreeBSD (including a lot of stuff they upstream, and some that they don't) and unless management is willing to spend at least as much on Linux the switch is going to fail. The only sources I have are conversations with Yahoo employees.
I am TheRaven on Soylent News
The difference is that Theo has acted in a way in the past that has caused us to route all communications from him directly to the lawyers. It's not to do with divulging secrets. It's to do with past behavior.
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
Hey, at least Steve-o paid people to put up with his bullshit. Open source necessarily entails community; corporations do not.
Thanks for the info, I did indeed mis-recall the story, perhaps because S3 was one of the things I switched to FreeBSD for, several years ago.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
Maybe if you were still running Irix on the box or using SGI-specific multimedia software, I could follow your metaphor. Running Apache & OpenBSD on the machine is more like taking the body of a '57 Chevy and replacing the interior with that of a 1992 Honda Civic and putting a trailer hitch on it.
my sig's at the bottom of the page.
Capable of mid-20's, yes, if your driving style is somewhere between that of a grandma and a hypermiler.
Normal driving gets most folks in the 14 MPG area for most versions of engine/transmission.
RedHat built their company on making Linux expensive through support contracts, though only 1/10th as expensive as purely proprietary software alternatives... With "supported" linux, there's room for both saving the company big, big money, while still spending enough that there's room for slightly smaller kickbacks to continue flowing.
If RedHat could push into the corporate firewall space (using PF, NOT IPTABLES), at the expense of current "hardware" firewall vendors in the corporate world, I'd be eternally grateful, and would happily pay the RH tax, never mentioning unsupported alternatives.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
Theo and the OpenBSD developers and users don't want your crappy binary blob. They want documentation so they can write an open, secure, stable driver.
They tried the migrations because management has heard about this Linux thing and thinks it's cool. They failed, because they have invested a lot in customising FreeBSD
And probably because their staff has great FreeBSD expertise, but just standard Linux expertise.
Hell I've been dissed by Theo a couple of times. They were entirely justified. I picked myself up and didn't fuck up again. If you can't take it, don't go to the fight.
They want their SMT back.
The classic hardware is being useful by running a modern OS and doing work, while it sits most of the time. Since the owner can shove in a disc, click a few keys, and get it back to factory specs in about twenty minutes with almost zero work anytime he wants, I don't think your analogy is that great either.