OpenBSD 5.3 Released

An anonymous reader writes "Today, OpenBSD 5.3 has been released. It has many improvements, updates, and new stuff. Also, OpenSMTPD 5.3 is included. This is the first version of OpenSMTPD considered to be ready for production. Many pre-built packages are available for many architectures. OpenBSD 5.3 ships with various Desktop Environments, including Gnome 3.6, KDE 3.5, and XFCE 4.10." And don't forget the release song, "Blade Swimmer."

BSD, ftw!

[Leafwiz]

:)

OpenBSD is very cool

OpenBSD is very cool. It's amazing what Theo and team have done over the years, and sadly, they don't get the cred they so richly deserve: OpenSSH, OpenBGP, pf, etc., and an awesome operating system that just works out of the box.

I'm very surprised more has not been done with OpenBSD. If I ran a company of any kind, it would be OpenBSD on the servers and Linux on the desktop. I would trust nothing else on my servers. I've worked with OpenBSD professionally and it's a joy to use an easy, well-documented system.

Kudos to you, Theo!

Re:OpenBSD is very cool

You're right! Their code quality is over-hyped. OpenBSD code isn't appreciably better than experienced Linux and GNU developers, although they do favor portability more than most.

What sets OpenBSD apart is a reluctance to write a shit ton of new code, and to inflict it on the world. Great developers write buggy code on occasion; developers with an eye to security and reliability choose to write less code.

Just about _any_ Linux box could be easily rooted from the shell because there's so much code churn in the kernel and elsewhere. Linux security is no better than Windows at this point (and all the policy won't save you when the kernel is buggy). However, I would be cautiously optimistic that a stock OpenBSD box could resist being rooted from the shell.

Re:OpenBSD is very cool

There is some truth to what you say. However, as an experienced IT security guy, one thing that makes OpenBSD "better" than Linux out of the box is its simplicity. Complexity is the enemy of security. And, more importantly, you did allude to the fact that security is a process, not a product. If I get root on anything, I own the box. Secret is to not allow this remotely. Use SSH keys, not SSH passwords for access. Use Radius, Kerberos, and others as a defense-in-depth measure, not just SSH. SSH alone might be fine for an at-home server, but in the real world, it's not.

OpenBSD has better than Linux security out of the box because they do keep it simple. Theo and team understand that complexity is the enemy of security, and the tenets of UNIX also dictate that things be kept simple, that a program should do one thing and one thing well. Pipes exist to make complex commands and shell scripts to automate.

OpenBSD is still a breath of fresh air in regard to code audits. While their code may not be the best, it's the most audited of any OS I'm familiar with, and it generally just works with little trouble.

OpenBSD: not for everyone, but for those discriminating enough to want a very solid base from which to build certain services-based servers and gateways/firewalls.

Re:OpenBSD is very cool

[ThePhilips]

And another little gem - OpenNTPD. Used on several embedded systems. Works like a charm, unlike the whimsical ntpd, which often simply refuses to do its job.

Re:Let us rejoice!

[cold+fjord]

But seriously, it looks like a great set of improvements. It is also great to have a new stable choice for mail transfer.

Subject: Announce: OpenSMTPD 5.3.1 released

OpenSMTPD 5.3.1 has just been released and the archives are available at
our main site: www.OpenSMTPD.org

OpenSMTPD is a FREE implementation of the SMTP protocol with some common
extensions. It allows ordinary machines to exchange e-mails with systems
speaking the SMTP protocol. It implements a fairly large part of RFC5321
and can already cover a large range of use-cases.

It runs on OpenBSD, NetBSD, FreeBSD, DragonFlyBSD, MacOSX and Linux.

OpenSMTPD presentation is here.

MP Performance?

[inglorion_on_the_net]

Glad to see OpenBSD is continuing to push for better security.

Has anybody been keeping tabs on performance, particularly on multicore systems? I'm curious what gains have been made there over recent years. I know that Linux and NetBSD have improved a lot, but what about OpenBSD?

my favorites

[anarcat]

My favorite improvements:

* OpenSMTPd - can't have too many solid mail servers out there
* OpenSSH 6.2 - new crypto algorithms and other goodies
* pf improvements - sloppy state tracking for ICMP
* relayd and OpenBGPd improvements

now the question is: how long until those trickle down to sister projects like FreeBSD or Debian/kFreeBSD?

Re:my favorites

[Onymous+Coward]

pfSense is a distribution whose whole purpose is simplifying the administration of pf? With another major goal of reliability? What would you expect, then?

and they said GNU was communist

[Trepidity]

Released on May Day, eh? I see what you're up to, OpenBSD. That's a pretty red logo, too.

Re:and they said GNU was communist

That is actually not the logo of OpenBSD but FreeBSD. I don't know why that logo is put there. The OpenBSD logo is more like this.

Re:Where is the OpenBSD online community?

[cold+fjord]

You can find links to OpenBSD mail archives at the bottom of this page.

Protocol correctness?

[klapaucjusz]

Has anyone checked how correctly OpenSMTPd implements the SMTP protocol? The OpenBSD project has an unfortunate history of caring more about simplicity of implementation than correctness (see also this discussion).

Re:v1.0 not production ready ...

[X0563511]

OpenBSD is not Ubuntu. Changes are not made because they feel like it.