OpenBSD 5.6 Released

An anonymous reader writes Just as per the schedule, OpenBSD 5.6 was released today, November 1, 2014. The theme of the 5.6 release is "Ride of the Valkyries". OpenBSD 5.6 will be the first version with LibreSSL. This version also removed sendmail from the base system, smtpd is the default mail transport agent (MTA). The installer no longer supports FTP, network installs via HTTP only. The BIND name server will be removed from the OpenBSD base system. Its replacement comes in the form of the two daemons nsd(8) for authoritative DNS service and unbound(8) for recursive resolver service. OpenSSH 6.7 is included along with GNOME 3.12.2, KDE 4.13.3, Xfce 4.10, Mozilla Firefox 31.0, Vim 7.4.135, LLVM/Clang 3.5 and more. See a detailed log of changes between the 5.5 and 5.6 releases for more information. If you already have an OpenBSD 5.5 system, and do not want to reinstall, upgrade instructions and advice can be found in the Upgrade Guide (a quick video upgrade demo is here). You can order the 5.6 CD set from the new OpenBSD Store and support the project.

FTP

[PlusFiveTroll]

>The installer no longer supports FTP

With FTP acting as fragile as glass in the world of NAT and firewalls, I don't see this as a bad thing any longer. HTTP is reliable when serving large files these days.

Re:FTP

[natex84]

Agreed, except for HTTP when used in a web browser. I don't know how many times I've had large downloads fail in a browser (terminate too early, etc) and have had to fall back to running curl / wget manually instead.

Re:FTP

To be fair that's not HTTP's fault as a protocol rather the fault of shitty browser downloaders... And IMO crc'ing the larger downloads is still a good thing to do so might as well go down to the console in the first place

Re:FTP

[nuckfuts]

With FTP acting as fragile as glass in the world of NAT and firewalls...

I've built several NAT firewalls using OpenBSD and pf. They make it very easy to accommodate both FTP clients and servers behind NAT, by providing a simple-to-use ftp-proxy.

Easy to setup, works like a charm :)

Re:FTP

Agreed, except for HTTP when used in a web browser. I don't know how many times I've had large downloads fail in a browser (terminate too early, etc) and have had to fall back to running curl / wget manually instead.

That can be blamed on browsers generally handling large files poorly. Even large memory use can often render them unsuable at times.

Re:FTP

[unixisc]

So what are they replacing FTP with? They've finally embraced KDE 4.x and LLVM/Clang - I thought that another project had taken up the Clang part. If they're doing all this, why don't they just drop support for IPv4 as well, and just support IPv6? Use a transition mechanism that they prefer for ISPs who are still IPv4 only.

Re:FTP

This is totally offtopic, but that's a brilliant username. I can't believe you have it in sub-1 million vintage. I love the rare near-occurrence of that mythical status.

Re:FTP

[Bert64]

What's more annoying is those download sites which force you to download in the browser, rather than giving you a link that you can pass to wget...

I always used to run wget instead of using the browser, back in the days of dialup and netscape 4.x where the browsers would almost always crash long before a large download had completed. But there are also many cases today where downloading with the browser is just horrendously inconvenient, like when im downloading something only to upload it again to a colocated server (where my upstream speed at home is 1/10 of the download).

Re:FTP

[TheRaven64]

They haven't 'embraced LLVM/Clang', they still ship GCC 4.2.1 or GCC 3.3.6 (depending on the architecture) and compile the base system with it. They ship LLVM/Clang as packages (ports).

Re:FTP

there's definitely interest in moving to LLVM from GCC. The problem is that many of the devs know gcc reasonably well and it works well enough for some of the rare platforms they support (eg. vax). But I bet if someone steps up to do serious work to move from GCC to LLVM it will be embraced by the team. Their web site says that they basically will replace GPL code with BSD code whenever possible. The problem is that right now it's not completely possible to make the change. But it's obvious some of the devs use LLVM. I see commits all the time mentioning that LLVM was used to diagnose such and such code, etc.

Re:FTP

[iggymanz]

Just as an install mechanism they've dropped ftp. There is still an FTP client in the base install, and besides the ftp protocol that client supports http and https

Re:FTP

I agree, terrible practice.
As a workaround, though, you can tell (at least) firefox to "copy download link" once the download has started, which usually(*) gives a wget-able link.

(*) unless they're trying to prevent this with referrer and/or user agent checks, cookies, etc.

Thank you!

[Celarent+Darii]

OpenBSD is fantastic. Thanks to the developers who spend so much time to make it work well!

Re:Thank you!

Seriously - is there anything that OpenBSD does better than ?

YOUR MOM

Re:Thank you!

[Celarent+Darii]

A non-extensive List of Reasons why OpenBSD is better than linux:

1/ OpenBSD's mascot is a puffer fish. Puffer fish can kill you. Penguins are simply parasites living on property no one wants anyway.
2/ OpenBSD's project leader has better hygiene than RMS
3/ OpenBSD's project leader is also more dictatorial than Linus
4/ It's BSD which means it has the karma of open source and you don't need lawyers managing each release cycle.
5/ OpenBSD assumes the world is a bad place. Linux is just hoping no one will do something bad.
6/ It doesn't update stuff simply because it can, but because it has to. Linux just updates stuff because they can, and stuff breaks.

Perhaps someone else has something to add?

Seriously, it just works. If you like what you have, keep using it! Not like I'm going to force you to quit using whatever you have.

Re:Thank you!

[X0563511]

2. Does not require PulseAudio, but can still output multiple channels from multiple apps at the same time. This was always a problem with ALSA.

dmix says hello, while flipping PA (and Pottering) the bird.

Re:Thank you!

The first place you will find updates for new wireless cards

Wireless support on OpenBSD is there, but it's poor. New wireless cards are certainly not supported. All cards, even n cards, are stuck on g. ac has no support, and judging by how fast wireless has developed there, it won't arrive until next decade.

Re:Thank you!

[Aethedor]

Penguins are simply parasites living on property no one wants anyway.

Than how can a penguin be a parasite?

Re:Thank you!

yep, it's true the project needs more skilled developers to get N and AC support added to wireless. but the existing wireless is SO much easier than Linux. I love it. I think there was a developer a while ago who did all the work to get everything up to G supported but I think he disappeared. Anyway, would love to see someone with the skills step up and add AC support etc. In the meantime I've gone and bought my 5.6 CD to support the project...

Re: Thank you!

[the_humeister]

Does OpenBSD have ZFS support? No? Then I'm sticking with FreeBSD.

Re: Thank you!

[eneville]

I admit that ZFS has some impressive features, but it also requires oodles of RAM. Don't discount openbsd for not having it, there are some instances where ZFS is more of a hinderance than an advantage. Small network routers being one of them, for that OpenBSD is perfect with its feature-full pf (freebsd lags a few versions behind, though that version is also quite capable).

Re:Thank you!

lol

If you need NetworkManager, for a server....... then stick with linux

Re: Thank you!

8GB is oodles?

Re: Thank you!

[eneville]

By current off the shelf standards no, 8G isn't particularly unusual. However, I've run OpenBSD on *much* less. Heck, I even have ZFS running on less, it's just not that much fun when you have to retune it because of memory hogging. Would be good if this aspect could be resolved then I'd use it more frequently.

Re:Thank you!

[Anon+E.+Muss]

... check out OpenBSD before checking out FreeBSD, and I cannot stress this enough. FreeBSD developers don't use their own operating system; they run it in a Virtual machine on their Macs, and it shows.

Citation needed.

Suspend/resume has been broken there since 2008, and drivers for any recent Intel graphics adapter will not run (you cannot switch from Xorg to a console and back) properly.

Yeah, it can suck to run a server-focused OS on a desktop/laptop.

FreeBSD devs do not care about their OS

This is objectively false. Any devs working for free must care, of they'd hack on something else. Any devs being paid must have an employer who cares. The problem is that the people hacking/funding FreeBSD don't care about the same parts of the system that you do.

Re: Thank you!

unfortunately it requires ECC RAM and consumer trash hardware barely support 32Gigs of non ecc ram.

Re:Thank you!

[Bengie]

You can thank OpenBSD for Linux, and FreeBSD, 64bit modes finally working. OpenBSD has a history of spearheading new tech and working out the bugs. Both Linux and FreeBSD were afraid of switching to 64bit because it would break some software. OpenBSD didn't give a crap, so lots of programs got their bug fixes. Same thing with ASLR, and lots of other modern features.

Re:Thank you!

18 years and only 3 remote bugs. I'd say they're doing code quality a hell of a lot better than anyone else.

Re:Thank you!

[Bengie]

Most of the FreeBSD devs run Current, not even stable. Even Netflix runs all of their servers on Current. Recently, the FreeBSD devs were bragging about how their FreeBSD laptops were finally not the systems with issues at the conference, but the Mac laptops were having issues with the wifi. I'm going to have to say that you pretty much just made everything up.

Re:Thank you!

Hmmm, wait, did you just described Slackware ??

Re:Thank you!

[gmack]

1. OpenBSD supports laptops, specifically Thinkpads, better than any other operating system not called Windows. Suspend/resume works, instantly.

That's less of a good thing considering how nasty Lenovo is to work with. Not only did they continue locking their mini pcie port against "unauthorized" wifi cards, they have double downed on their customer hating behaviour by refusing to charge third party batteries. Since that was written, they seem to have moved the enforcement into the firmware.

Re:Thank you!

[unixisc]

How is it compared to FreeBSD? FreeBSD has no wireless support for rare WiFi chipsets such as Intel's Centrino

Re:Thank you!

[unixisc]

Did they do that by connecting their FBSD laptops by cable to the nearest router? B'cos FBSD does not support Intel's Centrino chipsets - at least not recent ones. I have a Dell Inspiron 17 and for networking, I have to run an ethernet cable from the router: the Centrino WiFi is not recognized

Re:Thank you!

OpenBSD doesn't have a steep learning curve, I found it quite easy to learn and use.

Re: Thank you!

ZFS does not require ECC RAM, no more than Btrfs at least.

Re:Thank you!

[weilawei]

Guess they've upgraded to the 6-year itch.

(I keed! I keed!) They have a fantastic track record. I've finally switched over to OpenBSD myself and I'm psyched about this latest release--been waiting eagerly all month for it.

Re:Thank you!

[torsmo]

OpenBSD's project leader is also more dictatorial than Linus

But unlike Linus, who can throw industrial-grade Finnish profanities at his minions, Theo's Afrikaans cuss-word-foo is weak. Something along the lines of "Jy was uit jou ma se gat gebore want haar poes was te besig" wouldn't go amiss, methinks.

Re:Thank you!

[Blaskowicz]

There's an opportunity here.. swap the wifi card with the one of the owner of an older laptop running Windows or recent linux, then he or she'll get slightly better wifi (perhaps) and you get working wifi.

Re:Thank you!

[ruir]

Unless you have an HP netbook like I had where they whitelisted the wifi because that particular model was being used and bought to be used as an hackintosh... Idiots.

Re:Thank you!

[Tom]

Perhaps someone else has something to add?

It has a properly managed release cycle. For corporate installations, that's a real bonus. You can put it on a machine and schedule the update in your calendar, because you already know when it's going to be. And between those two dates, you can largely forget about it.

Re: Thank you!

hah hah. ek dink theo kan nie Afrikaans praat nie.

Re:Thank you!

I haven't used FreeBSD but I've never had a problem with OpenBSD's intel wifi support on any laptop I've tried.

Re:Thank you!

Not to mention BSD license is both more Brooklyn Hipster friendly *and* more corporate friendly than GPL. Who would have thunk.

Re:Thank you!

[unixisc]

Uh, the Intel Centrino WiFi is integrated onto the motherboard. That's the whole idea - one shouldn't need a dongle for it to work. With Linux, generally, WiFi support is better, but for some inexplicable reason, FBSD, despite having less license restrictions, can't get a WiFi driver - open OR closed - for this chip. And unlike NVIDIA, Intel is one of those companies that is happy to work with and on FOSS projects.

Re:Thank you!

[Tom]

Frankly speaking I like the GPL more, but that's a personal preference.

People who whine about it not being corporation friendly are either lying or they've never worked in a corporation. The licence management for all the commercial licenses is a much bigger hassle than the GPL, except for a few borderline case software development houses.

Re:Thank you!

[jeremyp]

Perhaps someone else has something to add?

7/ systemd doesn't run on it.

Re:Thank you!

"Seriously - is there anything that OpenBSD does better than ?"

Snowden's NSA slides shows that every major OS were compromised, except OpenBSD. It was absent on all slides.

Re: Thank you!

ZFS does not _require_ much RAM. It has an very efficient disk cache, so if you have less RAM, the ZFS performance will degrade to disk speed. Which suffices for most people anyway. I have run ZFS for over a year on a (one) 1GB RAM, P4 for over a year without problems.

The thing is, if you use ZFS deduplication then you need 1GB RAM for every TB disk space. Deduplication is not well implemented on ZFS right now, so avoid it. If you are not using deduplication, then 4GB RAM will be fine (with the caveat that ZFS performance degrades to disk speed).

Re:Thank you!

[gavinatkinson]

FreeBSD has no wireless support for rare WiFi chipsets such as Intel's Centrino

That's odd, because pretty much every laptop I have has a Centrino Wifi chipset, and it works fine. The laptop I'm using right now is FreeBSD and has a Centrino wifi chipset, the Intel Wireless-N 105. Associated with 802.11n as well, with no problems. Can OpenBSD do 11n yet?

Re:Thank you!

[gavinatkinson]

FreeBSD developers don't use their own operating system; they run it in a Virtual machine on their Macs, and it shows.

Not true. I'm using it right now.

Suspend/resume has been broken there since 2008, and drivers for any recent Intel graphics adapter will not run (you cannot switch from Xorg to a console and back) properly.

Not true, I can suspend/resume just fine, thanks. Your comment about not being able to switch between X and console suggests your knowledge is at least two years out of date. It was true for a short while in -CURRENT (the development branch) but never the case in a -RELEASE version.

FreeBSD devs do not care about their OS; OpenBSD devs actually use their system.

Also easily provably not true.

Re:Thank you!

[adri]

Hi,

I'm the wifi guy. Your post is misinformed. FreeBSD developers use their OS on non-server hardware. Everything you said above works. Even the wifi.

https://twitter.com/encthenet/...

You're very welcome!

-adrian

Re:Thank you!

[adri]

No, the problem is that we don't have as many active wifi developers as other projects, but the desire/need is still there.

I now have a couple of people helping me chase down intel driver bugs and implement / port the 7260 driver from Linux/OpenBSD.

-adrian, typing this on a freebsd laptop with a centrino wifi adaptor working just fine.

Re:Thank you!

[metrix007]

5/ OpenBSD assumes the world is a bad place. Linux is just hoping no one will do something bad.

Yes, by barricading all doors and windows. In the event someone does get in to do something bad, there is very little in place to protect against it.

No ACL, Auditing, MAC etc. Just very basic chroots and securelevels. Meh.

Re:Thank you!

[yosephi]

This release sounds exciting. I've already installed 5.6 and am looking forward to exploring.

AC, you should really do your research before spreading misinformation. I'm writing this response from a laptop (Lenovo X220) exclusively running FreeBSD 10.1 with an Intel HD Graphics 3000 that is fully supported. I have no problems going from Xorg to the console and back. Oh, and I suspended the laptop when I left work. At home I opened the lid and it was up and running within about 2 seconds. But, this story is about OpenBSD, so I'll stop there.

jrm

Re:Thank you!

[Blaskowicz]

I assume almost every laptop is using a Mini PCI express card, before that it was the bigger mini PCI.
It's even become common on desktops such as mini-ITX motherboards and Intel NUC.
You ought to have the wifi on a tiny user-accessible board unless you're using an Apple product or a tablet or a particularly integrated computer. Oh, Intel is working on that indeed.

Re:Thank you!

[fisted]

Suspend/resume has been broken there since 2008, and drivers for any recent Intel graphics adapter will not run (you cannot switch from Xorg to a console and back) properly.

[...] Your comment about not being able to switch between X and console suggests your knowledge is at least two years out of date. It was true for a short while in -CURRENT (the development branch) but never the case in a -RELEASE version.

Not true, 10-RELEASE has this issue. I'm experiencing it first-hand, but to also quote your handbook:

6.4.1. Caveats
[...]
Intel: as of FreeBSD 9.1, 3D acceleration on most Intel graphics, including IronLake, SandyBridge, and IvyBridge, is supported. Due to the current KMS implementation, it is not possible to switch between the graphical console and a virtual console using Crtl+Alt+F#.

Re:Thank you!

Both Linux and FreeBSD were afraid of switching to 64bit because it would break some software. OpenBSD didn't give a crap, so lots of programs got their bug fixes.

According to Wikipedia the first release of OpenBSD to support 64bit was version 3.5, released on May 1, 2004. The Linux kernel has supported 64bit since 2001 and SUSE Linux 8.2, released in April 2003 had a 64bit kernel and libs.
Fedore Core 1, released in February 2004 was afaik almost entirely 64bit.

- Peder

Re:Thank you!

[unixisc]

How did you get wifi recognized on your FBSD?

Systemd?

I thought GNOME depends on systemd? Does OpenBSD come with systemd now?

Re:Systemd?

No, and no, unfortunately.

Re: Systemd?

Fortunately!

Re: Systemd?

Actually it is. I run a large distributed Kerberos system on OpenBSD, but they decided to drop Kerberos in 5.6. So now I'm looking into switching all KDC nodes to Linux/CentOS 7 and thus also systemd.

Re:Systemd?

[Delicious+Pun]

The best feature systemd has is that it is stuck in linux land. Let the kids have their bleeding edge shiny. Everyone else has the BSDs.

Are you a systemd fanboy? I don't give a fuck what you think.

Re:Systemd?

Nothing wrong about 1970's Unix. It was great at the time; thing is, time changed.

Re:Systemd?

[plopez]

It's now called OS X...

Re: Systemd?

[fnj]

Has our AC determined whether Kerberos is in OpenBSD ports? I am reading "Kerberos has been removed from the base system. Kerberos support will be available via a package."

Re: Systemd?

Which is a huge different compared to being part of the supported base system. Packages in OpenBSD are basically supported on a best-effort, usually not at all if you're not using CURRENT and that's a no-go in this case. Sad to see it go, it's a great system. All I've really missed in it has been automatic binary updates. Installing updates by applying source patches can be somewhat time consuming.

Re:Systemd?

If something works for 45 years, don't fuck with it! Especially not for the sake of replacing it with something BROKEN (IE systemd).

Re:Systemd?

[eneville]

If something works, what like gas guzzlers? Yeah, time has changed, it *is* possible to get more than 15mpg. However, systemd sucks right now.

Re:Systemd?

No OS in the 1970s had cutting edge crypto like ChaCha20 embedded in the OS. You may want to avoid making random comments that just make you look stupid.

Re:Systemd?

I can bolt new shit on to 70s cars as well. That doesn't mean they aren't still old cars.

Re:Systemd?

Seriously, pipe down. You're just embarrassing yourself.

Re:Systemd?

[unixisc]

OS-X is not 1970's Unix by any stretch of imagination. It's a descendent of NeXTstep, or in other words, its base system is a descendant of Mach and BSD. Unix, as per the 70s definition, was SVR4.x. So the versions that were really Unix - until the Unix certification programs kicked in - were Solaris and SCO. BSD based Unixes didn't count - whether they were the original BSDs, or OSF/1, or SunOS or Ultrix.

Re:Systemd?

So the versions that were really Unix - until the Unix certification programs kicked in - were Solaris and SCO. BSD based Unixes didn't count - whether they were the original BSDs, or OSF/1, or SunOS or Ultrix.

BSD certainly did count up until AT&T sued their ass and they removed the infringing code.

Read any literature on Unix from the '70s and it frequently refers to "BSD Unix." There's a reason this book isn't titled The Design and Implementation of the 4.3 BSD Almost-Like-It-But-Not-Officially-Unix Operating System.

Re:Systemd?

Sure brah. Keep bragging about your about your Pinto with its bolted-on body kit.

Re:Systemd?

I know you think you know a lot about 1970s cars but try to stay on topic here instead of embarrassing yourself... again and again.

Re:Systemd?

[iggymanz]

hahaha, one of the desktop choices is GNOME 3.12, and no there isn't systemd

Re: Systemd?

Try the M:Tier service, for binary updates of packages and kernel. Works very well.
https://stable.mtier.org/

pf

[brynet]

Also related, Peter N. M. Hansteen is auctioning off the first signed copy The Book of PF, 3rd edition. He will be supporting the OpenBSD project by donating the amount raised to the OpenBSD Foundation.

http://bsdly.blogspot.com/2014...

Thank you!

[sunderland56]

[Citation needed]

Seriously - is there anything that OpenBSD does better than ?

Internet slide shows suck, but a "10 reasons OpenBSD is better than linux" would help out a lot here.

Rde of the Valkyries?

[plopez]

Seriously? The last ditch and unsuccessful attempt by the forces of heaven to prevent the destruction of Valhalla is not a good omen. The forces of good are overwhelmed by the forces of evil despite heroic efforts. I think Carl Jung pointed out that the Norse mythos was the only one he knew of where good does not triumph in the end. Or perhaps it was a reference to 'Apocalypse Now'. In ether case, as I said, not a good omen.

Re:Rde of the Valkyries?

[plopez]

I don't think frost giants are good in any mythology.

Re:Rde of the Valkyries?

[geminidomino]

I'm not sure about Wagner's operas, but don't forget the end of the Ragnarok myth: Yes, the 9 worlds are frozen in a relentless year-long winter, then destroyed in a war where gods and ettins alike are almost completely wiped out, it's pretty glum stuff. But after that's all over, you've got the two people hiding in the world tree who come out, meet Baldur and Hodr (now back from the dead) and Thor's kids, and start over.

It's like finally being able to throw out that crufty old pascal code-base and re-write it in $WHATEVER_LANGUAGE_YOU_WANT_THAT_DOESNT_START_A_FLAMEWAR. Not a bad omen at all. :)

Re:Rde of the Valkyries?

think Carl Jung pointed out that the Norse mythos was the only one he knew of where good does not triumph in the end

That's subtle way of predicting the end of the childhood of the mankind. Perhaps the same can be said about certain operating systems.

Re: Rde of the Valkyries?

[jd]

Apparently, they're the good guys in the Book of the Three Letter Agencies.

Re:Rde of the Valkyries?

[fustakrakich]

Kill the wabbit!

Re:Rde of the Valkyries?

$WHATEVER_LANGUAGE_YOU_WANT_THAT_DOESNT_START_A_FLAMEWAR

So, either an existing language that nobody uses (and not even all of those), or a language that doesn't yet exist...

- T

Rde of the Valkyries?

It depends on what you consider Valhalla, good and evil lies in the eyes of the beholder.

Removed sendmail ... smtpd is the MTA

[fnj]

Just about EVERY SMTP MTA is named "smtpd". Sendmail's is, but so it Postfix', and so is OpenSMTPD's.

In case anyone wants to know, OpenSMTPD replaces sendmail as the default MTA in OpenBSD 5.6. Now how hard was that, to actually state a piece of useful information instead of a nonsense phrase conveying nothing?

Re:Removed sendmail ... smtpd is the MTA

Postfix's

Re:Removed sendmail ... smtpd is the MTA

[ZorkZero]

Umm, sendmail's process is called 'sendmail', postfix has no process called 'smtpd'.

Thank you!

1. OpenBSD supports laptops, specifically Thinkpads, better than any other operating system not called Windows. Suspend/resume works, instantly.
2. Does not require PulseAudio, but can still output multiple channels from multiple apps at the same time. This was always a problem with ALSA.
3. PF is a lot easier to configure than ipfw. It is the firewall of OSX.
4. Man pages for EVERYTHING.
5. A simple init system. Whether or not it is better than systemd is debatable.
6. Not tied to any one desktop environment. Gnome 3.x is well-supported, but not requisite for anything.
7. The first place you will find updates for new wireless cards, OpenSSH, LibreSSL, libc (Android actually uses this instead of glibc).
8. Full disk encryption without requiring an unencrypted boot partition, unlike Linux.
9. Simple, text-based config files.
10. No need for HAL or *Kit or whatever flavour of the week abstraction layer is needed for interfacing with your hardware.

OpenBSD is not for everybody; there is a steep learning curve and a lot of software is not supported. But if you need a simple operating system that doesn't change much from release to release, it's worth checking out. If you are looking for an alternative to systemd (which I honestly have no problem with), check out OpenBSD before checking out FreeBSD, and I cannot stress this enough. FreeBSD developers don't use their own operating system; they run it in a Virtual machine on their Macs, and it shows. Suspend/resume has been broken there since 2008, and drivers for any recent Intel graphics adapter will not run (you cannot switch from Xorg to a console and back) properly. FreeBSD devs do not care about their OS; OpenBSD devs actually use their system.

Packed my bags

When they introduced that SystemD trash in Linux, I packed my bags and moved to OpenBSD. Have not looked back.

Re:Packed my bags

Yep, same here. So long, and thanks for all the penguins.

Does it fix the performance issues?

Does it fix the performance issues? Seriously, OBSD is slow as hell, no usable in any way on modern hardware.

Re:Does it fix the performance issues?

I run OpenBSD on some computers from the early 1990s without any performance problems.

Sure if you're hoping to play a real-time FPS at 4k you're probably out of luck, but for networking or just as a regular laptop with chrome I don't have any problems. Please state some facts about what you're finding to be slow instead of making unsubstantiated claims.

Re:Does it fix the performance issues?

"Without any performance problems"? What does than mean?!

OK, test FreeBSD or Linux on the same system and compare performance numbers against OpenBSD. Web server, database, desktop, whatever you want, I guarantee OBSD will be slower.

So far you're offering nothing other than "works for me" when in fact you probably have no idea what you are missing out on.

Re:Does it fix the performance issues?

blah blah blah. still no hard facts. blah blah blah.

ps. i've tried linux and freebsd for years. linux may be fast but what good is fast if you can't trust the results due to buggy code. I know exactly what I'm "missing out" on.

Re:Does it fix the performance issues?

[x0ra]

"simplicity and security" are merely excuses to compensate for the lack of manpower.

Re:Does it fix the performance issues?

[TheRaven64]

OpenBSD's malloc implementation is noticeably slower than anyone else's. It is, however, more likely to make certain categories of memory management error crash the program (rather than leaving it in a state where an attacker might be able to exploit the bug). Unfortunately, most modern exploit techniques don't rely on the invariants that OpenBSD's malloc() breaks, so you end up paying the performance cost without getting much by way of security gain (unless your attacker is a script kiddie who is using 5-year-old scripts).

Re:Does it fix the performance issues?

Do you have any benchmarks? Last I read it is only like 2-5% slower than other OS's malloc. As a developer I find testing on OpenBSD very useful. If I can get my app to run there with all the memory and sanity checks then I feel better about my app having fewer bugs.

btw, I know there are ways to cirucumvent each of the memory protection techniques used by OpenBSD in isolation, but as far as I know there is no way to circumvent things if all the techniques are used at the same time. So I'm not sure I agree with you that there isn't much security gain. I especially like their recent addition of the stack shuffle switch to the compiler. I've been using it on my app.

Re:Does it fix the performance issues?

How can you do a security audit on something complex? I don't think it's an excuse, I think it's totally reasonable. For example take a look at Bernstein's crypto library which OpenBSD makes use of. Bernstein (who many consider a genius) specifically designed the library to remove the many knobs that other libraries include. And he did this specifically to increase simplicity, thereby being easier to audit and therefore more chance of actually being secure.

I don't buy your argument one bit.

Re:Does it fix the performance issues?

If you claim OpenBSD malloc is inferior to other OSes, how do you explain OpenBSD as the more secure OS out there? On Snowdens NSA slides, OpenBSD were noticeably absent on all slides. All major OSes were compromised, except OpenBSD. That's a fact. OpenBSD is safer than Windows or Linux. NSA can not get into OpenBSD servers.

Re:Does it fix the performance issues?

[TheRaven64]

It's been a few years since I did any benchmarking, but back then it was 10-20% slower than jemalloc (the FreeBSD default malloc). Some of the slowdown was hidden in microbenchmarks (worse memory fragmentation, so more cache misses after programs have been running for a while), but anything that did a lot of memory allocation - especially short-lived allocations - was noticeably slower. Unfortunately, this is the kind of overhead that encourages people like the OpenSSL devs to ship their own buggy allocators to avoid the overhead of the system one.

Re:Does it fix the performance issues?

[TheRaven64]

If you claim OpenBSD malloc is inferior to other OSes, how do you explain OpenBSD as the more secure OS out there?

I said it was slower, not inferior. It does provide slightly better safety, but if you've got a targeted attacker then you can still bypass the protections.

On Snowdens NSA slides, OpenBSD were noticeably absent on all slides

So were ReactOS and Haiku. OpenBSD most likely doesn't have enough market share for the NSA to care about. Things like the OpenSSL vulnerabilities that they knew about all worked fine on OpenBSD, so there was no point in investing effort in finding OpenBSD-specific exploits.

You'll also notice that OpenBSD hasn't shown up in publications in top-tier security conferences much for five or so years - exploit mitigation targets in other systems were more interesting to try to break.

Re:Does it fix the performance issues?

you mean they where able to break other systems exploit mitigations

Re:Does it fix the performance issues?

[TheRaven64]

No, I mean that they broke the ones that OpenBSD comes with and OpenBSD hasn't added new ones for years. They're no longer interesting as a target for security research.

Re:Does it fix the performance issues?

[iggymanz]

wrong, developers of your bloated Gnu/Linux distro of choice are using OpemBSD project code to compensate for lack of ability in key areas such as security.

Apache

They also removed apache from the base OS. That's a big change to be missed above.

Re:Apache

what's the big deal whether something is in base or ports? it's the same team that maintains things.

Re:Apache

[fnj]

what's the big deal whether something is in base or ports? it's the same team that maintains things.

If you say it's the same team that works on bases system and ports, then I don't have the knowledge to take issue with that. I would not have guessed so, though.

At any rate, OpenBSD has this to say: "The ports & packages collection does NOT go through the thorough security audit that OpenBSD follows. Although we strive to keep the quality of the packages collection high, we just do not have enough human resources to ensure the same level of robustness and security."

I think it's a pretty big deal.

Re:Apache

Not really, no. Ports don't receive the same level of scrutiny as the base OS. When the developers feel something is too complex or crufty for them to take care of, it gets moved to ports (e.g., Lynx, kerberos, Apache, nginx). So the very fact that something is in ports is a clear indication that it probably isn't up to the same standards as the rest of the OS.

Re: Apache

It's not so cut and dry. That warning is more about not blindly trusting stuff in ports. There are some things in base that are really written by the OpenBSD team and some things that are integrated from 3rd parties. For example I bet that gcc in base is not particularly as well audited as code that originated from the openbsd team like libc or the kernel. And there are some things in ports that are incredibly well audited. The biggest problem is that there is a gazillion times more code in ports so a team of 100 people can't reasonably be expected to read every single line there. but Lynx, Apache etc in ports that are actually used by devs probably get more scrutiny than other ports that might not be widely used by devs.

Does it fix the performance issues?

It works fine on my modern hardware. No, it isn't the fastest OS, but I'll take a bit of slowdown for the sake of simplicity and security.

httpd

They also removed apache from the base OS and added their own httpd in this release.

openBSD is slipping...

Remember a decade or so ago when they used to have brags like "5 years without a remote hole in the default install" etc. now it just has the vague "no remote holes in a heckuva long time" whatever that actually means...

Re: openBSD is slipping...

yeah because they got tired of updating it every year. "9 years no new remote vulns", "10 years no new remote vulns", etc etc. gets pretty boring to keep updating it every year. so what's your point?

Head lice

Your head lice are parasites, even if no one wants you either.

Thank you!

[dbuckman]

I second the thank you to the developers.

What I like about OpenBSD.

There are no black boxes. I can do a "ps aux" and very easily understand every process that is running and it only takes up one page on the terminal. I use linux for my desktop/laptop and it is great for that but there are pages of processes running and I have to hunt to figure out what some of them are. If I want to understand the boot process it is well documented and I can edit a few files and figure it out.

PF. PF is a great firewall with some amazing features.

Secure. Again only processes running that I want running.

Small footprint. I just downloaded the 5.6 AMD64 iso. 227mb. It got smaller from 5.5 to 5.6. You never see that.

I find it a pleaser to work with. It doesn't make a lot of assumptions for you. Easy install. Give it a try.

What are the limitations of OpenBSD?

[walterbyrd]

I'm guessing it's the apps. OpenBSD is probably great for servers, but does not have all the desktop apps as Linux.

Or, maybe I'm wrong.

I am really hating Red Hat's hostile takeover of Linux. I may consider a BSD.

Re:What are the limitations of OpenBSD?

[nawcom]

It comes down to if the desktop app has a Linux-specific dependency. X11 with GTK+/Qt/etc aren't limited to Linux. Something like Gparted is another story for obvious reasons. Virtualization support is another issue. But if you're asking if you can run XFCE/KDE/GNOME/whatever with Firefox/OpenOffice/the usual X11 apps that casual Linux users use, yes it can. However, don't expect equal graphics card support in X11 compared to Linux and even FreeBSD. Take a look in OpenBSD ports if you're curious about something specific. There's probably a number of less-popular apps that aren't in there that would compile just fine; some will probably require a change in the resulting Makefile here and there. As stated in above comments, there are people who use it as a main desktop OS for their laptops.

Re:What are the limitations of OpenBSD?

Well, with the exception that FreeBSD has official drivers from NVidia, currently OpenBSD has the most complete and up to date implementation of the new graphics stack of all the BSDs. Still fairly old compared to what is in Linux of course, but what they do have works well.

I won't be buying the CDs this time

I used to look forward to throwing a little bit of money at OpenBSD, and in exchange getting some CDs and stickers - which mostly sat on my shelf (I've built one OpenBSD machine for a project in the last year.) But not this time.

Theo has decided that it's best for OpenBSD to funnel all purchases through one distributor.

Last May I paid $55 to buy the CDs from a local business which I've done business with for (literally) decades. This time, after spending 20 minutes trying to get an order accepted on a broken, and frankly annoying, web site, I discovered that the CD's would cost me $70. Sorry, call it sticker shock, heck call me a loser who's not sufficiently dedicated to "the cause", but for me the cost .vs. benefit of contributing to the project by buying CDs has tipped away from making that purchase.

The downloads are free, and I always have the option of contributing directly to OpenBSD, so life will go on ...

Re:I won't be buying the CDs this time

I think the previous person who used to do CD sales decided to finally retire after doing it for many years. The new store is from the people who stepped up to keep providing a service of selling CDs.

There were definitely some teething pains with the store fo 5.6 but hopefully they'll do a better job for 5.7. I'm sure direct donations are always appreciated by the project though. But personally I persevered with the on-line order from the new shop and after 3 attempts to buy the CD (!!!) it finally worked. The one good thing in the US is they subtracted VAT from my order which they don't seem to show you on the actual order site.