OpenBSD 5.4 Released

An anonymous reader writes "The release of OpenBSD 5.4 has been announced. New and notable advancements include new or extended platforms like octeon and beagle, moving VAX to ELF format, improved hardware support including Kernel Mode Setting (KMS), overhauled inteldrm(4), experimental support for fuse(4), reworked checksum handling for network protocols, OpenSMTPD 5.3.3, OpenSSH 6.3, over 7,800 ports, and many other improvements and additions."

Re:But ...

Wouldn't that be a little unsafe for OpenBSD's standards?

Re:But ...

[billcarson]

Why, yes, yes it can. There is linux binary emulation available.

OpenBSD Rocks.

[grub]

Rather than slagging OpenBSD, set up a small VM and try it there for a while. It's a fantastic OS, I use it on my gateway/firewall/VPN, other edge-facing devices and a llaptop.

It's a bit minimal but what you get works.

Re:OpenBSD Rocks.

[jones_supa]

What are the benefits over using Linux?

Re:OpenBSD Rocks.

[jawtheshark]

Look into the syntax of pf, then look into the syntax of iptables. Then look back again. If I can, I damn well avoid having Linux firewalls, and I'm a Linux system administrator.

Re:OpenBSD Rocks.

[gagol]

OpenBSD focus on code stability rather than features, uses encryption everywhere it benefits and consider documentation as critical. Overall, it is very stable and secure.

Re:OpenBSD Rocks.

[BitZtream]

Are you a masochist? If you aren't, just use FreeBSD instead. You'll get roughly the same result, minus the pain and suffering Theo inflicts on others who listen to his rants as well as use his code.

Re:OpenBSD Rocks.

[grub]

I'd suggest starting here as a beginning: 9 - Migrating to OpenBSD
One thing I find OpenBSD is head and shoulders above other *nix OSs at: the documentation. Virtually every service, binary, config, library, /etc/*, what-have-you has a thorough manpage included. The emphasis on security and "correctness" shows everywhere: pf is fantastic (iptables is a cancer by comparison), the built-in IPSec is great, it's OpenSSH's "home OS", etc.

Everything fits very well together (as is also the case with FreeBSD and NetBSD). All the OpenBSD users could post replies to your question but the only way to see for yourself is to try it out.

Enjoy!

Re:OpenBSD Rocks.

[drinkypoo]

Last time I used it, it was a very long time ago, and I had to throw it away because the intel NIC driver that I was using (some kind of 10/100 cards) would choke eventually if you had more than 1 in the system, and I had 4.

Now I shall try it again on my olde timey original Atom netbook (Acer Aspire) which I've been putting off installing with anything for lack of anything modern that I wanted to run on it. This is close enough. I ought to have one machine I can kind of trust.

Re:OpenBSD Rocks.

[K.+S.+Kyosuke]

What, iptables has a syntax? I thought it only had command line options.

Re:OpenBSD Rocks.

Trolling is a art.

That's an art you mouth breathing motherfucker.

Re:OpenBSD Rocks.

OP's sig proven correct. lulz.

Re:OpenBSD Rocks.

[Mitchell314]

In other words, boring and lame. :p

Re:OpenBSD Rocks.

You're going to Slashdot to be told what you should do?

Here: http://bit.ly/1aRFdEH

Re:OpenBSD Rocks.

Last time I used it, it was a very long time ago, and I had to throw it away because the intel NIC driver that I was using (some kind of 10/100 cards) would choke eventually if you had more than 1 in the system, and I had 4.

Hmmm, I'm curious which NIC card that was.

One of my OpenBSD servers has been using multiple NICs for years and has been rock solid:

Broadcom 5750 gigabit
Intel 82571EB dual gigabit
3com 3c905B 10/100

Re:OpenBSD Rocks.

Are you a masochist? If you aren't, just use FreeBSD instead. You'll get roughly the same result, minus the pain and suffering Linus inflicts on others who listen to his rants as well as use his code.

FTFY

Re:OpenBSD Rocks.

To me it is having a UNIX system that just works.
Sound, graphics, networking, documentation. Everything is just damn stable. I can update to the next version with no fear that it will break my system. Every new feature is a well thought and all over improvement on the previous version.
With Linux, it is always chasing a moving target that has many attractive features, but each fighting with each other and against the user. Today my WiFi won't work, tomorrow it will work but my headphones will be mute for no good reason. The day after tomorrow the apt database will get corrupted. Don't get me started on RPM.
I do have to renounce to some features and software that will only work in Linux, but in the end, it fits my needs the best.
As a programmer, I also find that when both systems solve a similar problem, the Linux solution usually feels more hackish and ad-hoc while the OpenBSD one(assuredly often in hindsight) feels like a real improvement.
I do always keep a Linux partition with the latest cool distro(currently Mint) but in the end I spend most of my time on OpenBSD.
As for FreeBSD, it is somewhere in a middle ground between Linux and OpenBSD, but, at least for me, that middle ground feels even less comfortable than either one.

Re:OpenBSD Rocks.

[cptnapalm]

I have this truly bizarre UltraSparc laptop. The only two operating systems which will support it are Solaris, obviously, and OpenBSD. Solaris was extremely sluggish whereas OpenBSD with Awesome is quite spry.

Re:OpenBSD Rocks.

Hahaa! Straight into the trap!

Re:OpenBSD Rocks.

V- Hi. I am VAX.
P- And I am a PC.
V- I run OpenBSD-5.5 since 2014-05-12. Uptime 9496 days.
P- I run Ubuntu 14.04 LTS since -NaN. SYSTEM is restarting *NOW*

Re:OpenBSD Rocks.

What are the benefits over using Linux?

No cgroups, and hence no systemd

Re:OpenBSD Rocks.

Comparing Linux+Userland and BSD is like comparing a treefort and a sky scraper. One is engineered, one is like "hey, bring you friends and start helping!"

Re:OpenBSD Rocks.

[Waffle+Iron]

With Linux, it is always chasing a moving target that has many attractive features, but each fighting with each other and against the user.

That's been the continual story of personal computing since the 1970s. *Somebody* has to go through the pain of integrating new capabilities into common use.

Re:OpenBSD Rocks.

[ISoldat53]

Has it changed much since 2003? That's the last time I tried to use it and that's when my manuals are dated. Not a dig, it's just I haven't tried it since.

Re:OpenBSD Rocks.

.. If I can, I damn well avoid having Linux firewalls, and I'm a Linux system administrator.

I'd do so too, and did so in my previous IT job where all my firewalls (bar one) were OpenBSD boxes (the odd one out was a FreeBSD box), but I currently have a 'legacy' Shorewall Linux install which 'works just fine' ®, and I'd rather not touch it.

One of these days, however, one of these days...

Re:OpenBSD Rocks.

[Burz]

OK. I'll set one up in a Qubes VM... that way the system will stay secure. :D

Re:OpenBSD Rocks.

[eudaemon]

Well you can find out for yourself at the OpenBSD home page, which explains their approach to security: http://www.openbsd.org/security.html OpenBSD is definitely an educate yourself then ask questions sort of OS. I'm not slagging on you, just saying it makes more sense for me to post a link than try to recreate the contents of the webpage it goes to. Check it out. Decide for yourself.

Re:OpenBSD Rocks.

[jones_supa]

Reading the comments above and reading some material, my impression now is that it is more robust than Linux, but requires more effort to set things up.

Re:OpenBSD Rocks.

lel. okay lets go back to 4chan guise

Re:OpenBSD Rocks.

[VortexCortex]

Right. I use Debian Stable and OpenBSD. I find that for the most part they're quivalent in the "Damn, they broke shit again" department... Seriously.

Re:OpenBSD Rocks.

[Teckla]

If you prefer crashy and insecure, you know where to find it.

Re:OpenBSD Rocks.

[Bengie]

Just the way sysadmins like it.

Re:OpenBSD Rocks.

[eneville]

Hurm, yes, but there's iptables-restore

Re:OpenBSD Rocks.

No one had mentioned Windows until you just brought it up.

Re:OpenBSD Rocks.

And this arrogant, shitfaced, smug and conceited attitude is why *BSD has continually lost more and more users the last few decades. Congratulations Sir, you got it down to a t.

Re:OpenBSD Rocks.

If you use 4 cards in a system you might be missing legacy IO-resources.

Re:OpenBSD Rocks.

[grub]

They release a new version every 6 months, so your last info is about 20 versions behind...

Re:OpenBSD Rocks.

You mean like ASLR, drive encryption, stack canaries, W^X? None of these were invented there but they were common and integrated into OpenBSD long before any Linux.

Re:OpenBSD Rocks.

And this rough, unwashed, foul-mouthed and shallow attitude is why */Linux has continually gained more and more junk the last few decades. Congratulations Sir, you got it down to a t.

Re:OpenBSD Rocks.

[armanox]

Is it a Tadpole computer? I don't know of too many UltraSparc laptops. I'd consider buying one if they were still available.

Re:OpenBSD Rocks.

Debian Stable is comparable to OpenBSD in that there is a group of people(and that includes users) making sure the changes won't destroy people's systems before rolling out updates. QC, crazy, huh?
Similarities end here.
Debian Stable is effectively dead on arrival. By the time you upgrade to the next version, your software has only been getting back-ported "security" fixes for more than five years. It wouldn't be a bad choice if civilization ends tomorrow and that's the system you are stuck with. But it is hardly optimal.
Debian is also affected by the Linux feeping creaturism(It's not as if they aren't just pulling stuff from sid) and, after half a decade, the shock is much worse. You will have to reconfigure any customization from scratch. Today you were using alsa, X11 and iptables, tomorrow you get to deal with PulseAudio, Wayland and whatever they call that.

Re:OpenBSD Rocks.

[larry+bagina]

OpenBSD wasn't developed by the NSA.

Re:OpenBSD Rocks.

[celle]

Are you a masochist? If you aren't, just use open source instead. You'll get roughly the same result, minus the pain and suffering Steve inflicts on others who listen to his rants as well as use his code.

FTFY

PS Steve Ballmer is still at Microsoft and Steve Jobs hasn't been dead that long so most of his decisions are still being used so it works for both Windows and Mac OSX.

Re:OpenBSD Rocks.

Good. Stay away.

Re:OpenBSD Rocks.

[tlhIngan]

One thing I find OpenBSD is head and shoulders above other *nix OSs at: the documentation. Virtually every service, binary, config, library, /etc/*, what-have-you has a thorough manpage included. The emphasis on security and "correctness" shows everywhere: pf is fantastic (iptables is a cancer by comparison), the built-in IPSec is great, it's OpenSSH's "home OS", etc.

Technically, documentation is required to ensure correctness - because if it's not documented, how do you know it's working correctly?

The fact that OpenBSD has excellent documentation is not because the project cares about documentation, it's that correctness demands it, and you cannot verify correctness if you don't know what the correct thing to do is.

It's a case of where the documentation describes the intentions of the program, while the source code is the implementation of those intentions. Those who argue that "source code is the ultimate document" ignore that fact because source code is just one possible implementation. Who knows if a bug in source code is really a bug (doesn't meet intentions), or is designed to be there (bug is in the intention itself)? Without documentation, you cannot be sure.

It sounds a lot like a specification, right? Well, a specification is just one type of documentation. But there are often more detailed documents you need - configuration files are also a specification and have to be documented to verify behavior. It's not enough to say "option foo mirrors command line option -F" without saying how to enable or disable it (do I do "foo=on", "foo=y"? Or just "foo" and comment it out to disable?).

And since OpenBSD prides itself on its code audits, part of it is to ensure the code mirrors the docs.

Re:Yawn.

[d33tah]

You actually woke up just to see the article?

Re:But ...

If BSD is dead then I wouldn't be typing this on my BSD machine.

Re:Yawn.

[jones_supa]

:D

This is the year...

[JosefSit]

Yay, this is the year of the BSD-Desktop!

Re:This is the year...

[kthreadd]

It could very well be. I just tried it on one of my desktops. Gnome 3.8 worked really nice on it and even had accelerated 3D graphics.

Re:This is the year...

[eneville]

Hang on, Gnome 3.8 worked really nice???

Re:But ...

GNU is dead; BSD will live forever

Re:But ...

[Mitchell314]

I'm disappointed nobody made a BSD parody of that Black Sabbath song.

Re:But ...

It is beyond me why anyone would want to run i386 Linux binaries which are the only supported by binary emulation and then only on i386.
It is a security disaster waiting to happen.
If your machine was built in the last decade you should be running amd64.
Just dual-boot and keep the Adobe binaries away from your encrypted OpenBSD partitions dude.

Linux on my servers, NO WAY.

[eshaw]

There's only one solution when it comes to my network and servers, that's OpenBSD. It's secure, stable and correct coding making it an easy choice. I run a VPN, Web and redundant Firewall servers and OpenBSD gives me a piece of mind, ensuring it's stability. Stability and security are paramount for my network. PF is the king of firewall rules and iptables is an absolute mess. It's simple folks. If you want a serious OS for internet facing infrastructure, why choose anything else. OpenBSD is the obvious answer!

Re:Linux on my servers, NO WAY.

[Burz]

I run a VPN, Web and redundant Firewall servers...

Great. Welcome to 1999!

Re:Linux on my servers, NO WAY.

"piece of mind". Obviously only illiterate morons or masochists would choose OpenBSD over Linux for any serious server duty.

If you want a serious, modern unix-like OS for internet facing infrastructure, there is only one choice, and it isn't OpenBSD, which is pretty much confined to the "toy" or "cutesy" niche.

Re:Linux on my servers, NO WAY.

[fisted]

Dear fanboy, take a look at what ISPs run. No, it's not OpenBSD, but it sure as hell isn't Lunix* either

(*) The losers' unix

Re:Linux on my servers, NO WAY.

[eshaw]

Obviously you have to hide yourself, posting anonymously! Only COWARDS speak in hiding!!!

Re:Linux on my servers, NO WAY.

[eshaw]

Thanks. I've probably been supporting servers before you were born, but thanks anyway juvenile.

Re:Linux on my servers, NO WAY.

[eshaw]

Yeah, plenty of ISP's use OpenBSD, BSDs generally.

Re:Linux on my servers, NO WAY.

[Ducho_CWB]

Dear fanboy, take a look at what ISPs run. No, it's not OpenBSD, but it sure as hell isn't Lunix* either

(*) The losers' unix

Windows 2012 R2 LOL Version.

Re:Linux on my servers, NO WAY.

[fisted]

obviously you have replied to the wrong post

Re:Linux on my servers, NO WAY.

[dbIII]

Great. Welcome to 1999!

Why not? They have cooler spaceships than we have now.

Re:Linux on my servers, NO WAY.

[dbIII]

ZFS
You say you are literate, try reading where it is up to on each platform.

Re:Linux on my servers, NO WAY.

So many baseless assertions. It's like you're trolling.

No signatures, just checksums?

From the FAQ:
"The OpenBSD project does not digitally sign releases. The above command only detects accidental damage, not malicious tampering. If the men in black suits are out to get you, they're going to get you."

Seems a bit fatalistic not to provide any verification method at all...

Re:No signatures, just checksums?

The reason is that you should not rely on any binary release. Download the source code. Audit it. Then build and install it from your own copy.

Re:No signatures, just checksums?

The reason is that you should not rely on any binary release. Download the source code. Audit it. Then build and install it from your own copy.

Or buy the cd set from openbsd!

Re:No signatures, just checksums?

[eneville]

Or buy the cd set from openbsd!

... and the men in black suits will deliver your post ...

Re:But ...

FreeBSD supports i386 Linux emulation on 64bit

Re:But ...

So now I can run my vulnerable apps on a vulnerable OS. If the emulation layer is enough to fool them. And this is better than just using Linux because? Oh right, you can jail apps now they can't access your video card or your files, that will show them.

Never mind the features, what are the benefits?

[petes_PoV]

Or, to put it another way:

What would I be able to do with a box running this that I couldn't do with <operating system X> for any current, contemporary O/S. Let's not talk about potential uses - but real, live, switch it on, press buttons and do stuff type of uses. Things that no other O/S or box running that O/S can do? What are they?

Re:Never mind the features, what are the benefits?

Or, to put it another way:

What would I be able to do with a box running this that I couldn't do with <operating system X> for any current, contemporary O/S.
Let's not talk about potential uses - but real, live, switch it on, press buttons and do stuff type of uses. Things that no other O/S or box running that O/S can do?What are they?

Well, you could probably type a document while the machine is connected to the internet without the NSA having access to your data...

Re:Never mind the features, what are the benefits?

[VortexCortex]

Jail.

Re:Never mind the features, what are the benefits?

OpenBSD doesn't have jails. They were considered too complex--particularly in their implementation--for too little benefit. The most important characteristic of security is simplicity, and while jails are seemingly simple from user space, they hide a lot of complexity. And if you depend on all that complexity being 100% correct for the security of your application, then you may run into trouble.

That's why OpenBSD is such a delight to administer. They eschew complexity from every angle--kernel, user space libraries, configuration files, etc.
Yes, OpenBSD administration and programming is often very manual and rote, but it's simple, and that usually matters much more, on the whole.

Re:Never mind the features, what are the benefits?

[Noryungi]

What would I be able to do with a box running this that I couldn't do with <operating system X> for any current, contemporary O/S.
Let's not talk about potential uses - but real, live, switch it on, press buttons and do stuff type of uses. Things that no other O/S or box running that O/S can do? What are they?

One word: pf.

Best. Firewall. Program. Ever.

Running the latest and greatest version of OpenSSH is also interesting.

Re:Never mind the features, what are the benefits?

make world

Re:Never mind the features, what are the benefits?

Nothing. Stick to your leenoks. Stay out of our fora.

Re:But ...

[Burz]

So now I can run my vulnerable apps on a vulnerable OS. If the emulation layer is enough to fool them. And this is better than just using Linux because? Oh right, you can jail apps now they can't access your video card or your files, that will show them.

Running apps under a hypervisor in Qubes is safer anyway, and it comes with Fedora. You get (safe) video, but not 3D unless you assign a whole video card to a VM.

Re:But ...

[davester666]

Maybe now it's undead?

in some ways far ahead of linux

it's really amazing how stable openbsd is. i've deployed it across all my servers and laptops at this point. they do a ton of good work and in some ways i've found them to be way ahead of linux. for example, the Y2038 problem is one they're fixing now and i don't see that happening any time soon with linux. see this article https://lwn.net/Articles/563285/ for more. openbsd is by far the sanest unix out there.... i just can't imagine ever going back to linux.

Re:in some ways far ahead of linux

Who still runs 32-bit servers?

Re: in some ways far ahead of linux

you mean 32-bit embedded not servers. oh, and hundreds of millions of devices out there...

Doesn't work with Virtualbox

Can't try it. Crashes virtualbox on boot.

Re: Doesn't work with Virtualbox

Time to upgrade Vbox camarade. Or fiddle with the VM options (VT-x, etc).

Re:Doesn't work with Virtualbox

Then you are doing it wrong.
I am running OpenBSD 5.4 as well as -current in Virtualbox. No fiddling with settings required.

Re:Doesn't work with Virtualbox

[Drinking+Bleach]

It requires a system capable of VT-x/AMD-v and enabled as well.

Re:Doesn't work with Virtualbox

What version? Running AMD64 on virtualbox 4.3 crashes. Just to see if it is a fluke, I tried FreeBSD, PCBSD and NetBSD as well and they are all crashy crashy.

Re:Doesn't work with Virtualbox

Yes, VirtualBox is buggy.

Re:But ...

[eneville]

You mean like these? http://www.openbsd.org/lyrics.html#54

Re:But ...

Dual-boot? If malware infects your BIOS, NIC, IPMI, or other device with embedded firmware through Windows, then your other partitions are fscked, whether or not they're encrypted, as soon as you boot them.

No luck with GNU/Linux?

[Wootery]

GNU/Linux didn't work?

this summary sucks

I don't think most people care about vax moving to elf and fuse is definitely not of any use until at least the next release. for me one of the biggest improvements was in the the rewritten dhcpd/dhclient tools. also some nice incremental performance improvements and lots more posix features added. and as usual the amazing man pages just keep getting better with every release (if that's possible). finally just quoting the number of ports doesn't really give an idea of how current the software collection is. openbsd ports rocks harder than most linux distros by a wide margin which I've always been surprised by since I would have expected linux to be faster moving on that front...

Re: But ...

Malware that checks all my file systems for me automatically, even those for other OSes? Sounds awesome, infect my system please!

Yeah...I know...you wanted to reply with "whoosh" so bad, didn't you?

New & extended platforms?

[unixisc]

If they are adding new or extended platforms, instead of octeon or beagle, how about adding Itanium support? B'cos I think they have most others covered - SPARC, POWER, MIPS, and anything still surviving

OpenBSD is just a useless wreckage from the 90s

It is simply unusable, after the install you still need text editors from the 70s (e.g., vi) to configure it (by the way, vi is a wreckage too).
Actually I think that OpenBSD should be simply banned from any serious environment, because young sysadmins don't know how to use vi (why should they?!) and they might not be able to fix serious configuration errors in emergency situations. It's just dangerous.

They claim that OpenBSD is "secure" simply because nobody will ever bother wasting time to audit it, not to mention that the attack surface is almost zero. Even a TV remote is "secure", but unfortunately you can use it only to switch channels.