Slashdot Mirror

← Back to Stories (view on slashdot.org)

OpenBSD 5.6 Released

Posted by timothy on from the making-the-world-a-better-place dept.

An anonymous reader writes Just as per the schedule, OpenBSD 5.6 was released today, November 1, 2014. The theme of the 5.6 release is "Ride of the Valkyries". OpenBSD 5.6 will be the first version with LibreSSL. This version also removed sendmail from the base system, smtpd is the default mail transport agent (MTA). The installer no longer supports FTP, network installs via HTTP only. The BIND name server will be removed from the OpenBSD base system. Its replacement comes in the form of the two daemons nsd(8) for authoritative DNS service and unbound(8) for recursive resolver service. OpenSSH 6.7 is included along with GNOME 3.12.2, KDE 4.13.3, Xfce 4.10, Mozilla Firefox 31.0, Vim 7.4.135, LLVM/Clang 3.5 and more. See a detailed log of changes between the 5.5 and 5.6 releases for more information. If you already have an OpenBSD 5.5 system, and do not want to reinstall, upgrade instructions and advice can be found in the Upgrade Guide (a quick video upgrade demo is here). You can order the 5.6 CD set from the new OpenBSD Store and support the project.

81 of 125 comments (clear)

  1. FTP by PlusFiveTroll · · Score: 4, Interesting

    >The installer no longer supports FTP

    With FTP acting as fragile as glass in the world of NAT and firewalls, I don't see this as a bad thing any longer. HTTP is reliable when serving large files these days.

    1. Re:FTP by natex84 · · Score: 2

      Agreed, except for HTTP when used in a web browser. I don't know how many times I've had large downloads fail in a browser (terminate too early, etc) and have had to fall back to running curl / wget manually instead.

    2. Re:FTP by nuckfuts · · Score: 2

      With FTP acting as fragile as glass in the world of NAT and firewalls...

      I've built several NAT firewalls using OpenBSD and pf. They make it very easy to accommodate both FTP clients and servers behind NAT, by providing a simple-to-use ftp-proxy.

      Easy to setup, works like a charm :)

    3. Re:FTP by unixisc · · Score: 1

      So what are they replacing FTP with? They've finally embraced KDE 4.x and LLVM/Clang - I thought that another project had taken up the Clang part. If they're doing all this, why don't they just drop support for IPv4 as well, and just support IPv6? Use a transition mechanism that they prefer for ISPs who are still IPv4 only.

    4. Re:FTP by Bert64 · · Score: 2

      What's more annoying is those download sites which force you to download in the browser, rather than giving you a link that you can pass to wget...

      I always used to run wget instead of using the browser, back in the days of dialup and netscape 4.x where the browsers would almost always crash long before a large download had completed. But there are also many cases today where downloading with the browser is just horrendously inconvenient, like when im downloading something only to upload it again to a colocated server (where my upstream speed at home is 1/10 of the download).

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    5. Re:FTP by TheRaven64 · · Score: 2

      They haven't 'embraced LLVM/Clang', they still ship GCC 4.2.1 or GCC 3.3.6 (depending on the architecture) and compile the base system with it. They ship LLVM/Clang as packages (ports).

      --
      I am TheRaven on Soylent News
    6. Re:FTP by iggymanz · · Score: 1

      Just as an install mechanism they've dropped ftp. There is still an FTP client in the base install, and besides the ftp protocol that client supports http and https

  2. Thank you! by Celarent+Darii · · Score: 4, Interesting

    OpenBSD is fantastic. Thanks to the developers who spend so much time to make it work well!

    1. Re:Thank you! by Celarent+Darii · · Score: 5, Funny

      A non-extensive List of Reasons why OpenBSD is better than linux:

      1/ OpenBSD's mascot is a puffer fish. Puffer fish can kill you. Penguins are simply parasites living on property no one wants anyway.
      2/ OpenBSD's project leader has better hygiene than RMS
      3/ OpenBSD's project leader is also more dictatorial than Linus
      4/ It's BSD which means it has the karma of open source and you don't need lawyers managing each release cycle.
      5/ OpenBSD assumes the world is a bad place. Linux is just hoping no one will do something bad.
      6/ It doesn't update stuff simply because it can, but because it has to. Linux just updates stuff because they can, and stuff breaks.

      Perhaps someone else has something to add?

      Seriously, it just works. If you like what you have, keep using it! Not like I'm going to force you to quit using whatever you have.

    2. Re:Thank you! by X0563511 · · Score: 4, Informative

      2. Does not require PulseAudio, but can still output multiple channels from multiple apps at the same time. This was always a problem with ALSA.

      dmix says hello, while flipping PA (and Pottering) the bird.

      --
      For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
    3. Re:Thank you! by Aethedor · · Score: 1

      Penguins are simply parasites living on property no one wants anyway.

      Than how can a penguin be a parasite?

      --
      It doesn't have to be like this. All we need to do is make sure we keep talking.
    4. Re:Thank you! by Anonymous Coward · · Score: 1

      yep, it's true the project needs more skilled developers to get N and AC support added to wireless. but the existing wireless is SO much easier than Linux. I love it. I think there was a developer a while ago who did all the work to get everything up to G supported but I think he disappeared. Anyway, would love to see someone with the skills step up and add AC support etc. In the meantime I've gone and bought my 5.6 CD to support the project...

    5. Re: Thank you! by the_humeister · · Score: 1

      Does OpenBSD have ZFS support? No? Then I'm sticking with FreeBSD.

    6. Re: Thank you! by eneville · · Score: 2

      I admit that ZFS has some impressive features, but it also requires oodles of RAM. Don't discount openbsd for not having it, there are some instances where ZFS is more of a hinderance than an advantage. Small network routers being one of them, for that OpenBSD is perfect with its feature-full pf (freebsd lags a few versions behind, though that version is also quite capable).

      --
      Why UNIX?
    7. Re: Thank you! by eneville · · Score: 2

      By current off the shelf standards no, 8G isn't particularly unusual. However, I've run OpenBSD on *much* less. Heck, I even have ZFS running on less, it's just not that much fun when you have to retune it because of memory hogging. Would be good if this aspect could be resolved then I'd use it more frequently.

      --
      Why UNIX?
    8. Re:Thank you! by Anon+E.+Muss · · Score: 2, Interesting

      ... check out OpenBSD before checking out FreeBSD, and I cannot stress this enough. FreeBSD developers don't use their own operating system; they run it in a Virtual machine on their Macs, and it shows.

      Citation needed.

      Suspend/resume has been broken there since 2008, and drivers for any recent Intel graphics adapter will not run (you cannot switch from Xorg to a console and back) properly.

      Yeah, it can suck to run a server-focused OS on a desktop/laptop.

      FreeBSD devs do not care about their OS

      This is objectively false. Any devs working for free must care, of they'd hack on something else. Any devs being paid must have an employer who cares. The problem is that the people hacking/funding FreeBSD don't care about the same parts of the system that you do.

      --
      The key sequence to access my Slashdot bookmark in Firefox is Alt-B-S. I don't believe this is a coincidence.
    9. Re:Thank you! by Bengie · · Score: 3, Informative

      You can thank OpenBSD for Linux, and FreeBSD, 64bit modes finally working. OpenBSD has a history of spearheading new tech and working out the bugs. Both Linux and FreeBSD were afraid of switching to 64bit because it would break some software. OpenBSD didn't give a crap, so lots of programs got their bug fixes. Same thing with ASLR, and lots of other modern features.

    10. Re:Thank you! by Anonymous Coward · · Score: 1

      18 years and only 3 remote bugs. I'd say they're doing code quality a hell of a lot better than anyone else.

    11. Re:Thank you! by Bengie · · Score: 1

      Most of the FreeBSD devs run Current, not even stable. Even Netflix runs all of their servers on Current. Recently, the FreeBSD devs were bragging about how their FreeBSD laptops were finally not the systems with issues at the conference, but the Mac laptops were having issues with the wifi. I'm going to have to say that you pretty much just made everything up.

    12. Re:Thank you! by gmack · · Score: 1

      1. OpenBSD supports laptops, specifically Thinkpads, better than any other operating system not called Windows. Suspend/resume works, instantly.

      That's less of a good thing considering how nasty Lenovo is to work with. Not only did they continue locking their mini pcie port against "unauthorized" wifi cards, they have double downed on their customer hating behaviour by refusing to charge third party batteries. Since that was written, they seem to have moved the enforcement into the firmware.

    13. Re:Thank you! by unixisc · · Score: 1

      How is it compared to FreeBSD? FreeBSD has no wireless support for rare WiFi chipsets such as Intel's Centrino

    14. Re:Thank you! by unixisc · · Score: 1

      Did they do that by connecting their FBSD laptops by cable to the nearest router? B'cos FBSD does not support Intel's Centrino chipsets - at least not recent ones. I have a Dell Inspiron 17 and for networking, I have to run an ethernet cable from the router: the Centrino WiFi is not recognized

    15. Re:Thank you! by weilawei · · Score: 1

      Guess they've upgraded to the 6-year itch.

      (I keed! I keed!) They have a fantastic track record. I've finally switched over to OpenBSD myself and I'm psyched about this latest release--been waiting eagerly all month for it.

    16. Re:Thank you! by torsmo · · Score: 4, Funny

      OpenBSD's project leader is also more dictatorial than Linus

      But unlike Linus, who can throw industrial-grade Finnish profanities at his minions, Theo's Afrikaans cuss-word-foo is weak. Something along the lines of "Jy was uit jou ma se gat gebore want haar poes was te besig" wouldn't go amiss, methinks.

    17. Re:Thank you! by Blaskowicz · · Score: 1

      There's an opportunity here.. swap the wifi card with the one of the owner of an older laptop running Windows or recent linux, then he or she'll get slightly better wifi (perhaps) and you get working wifi.

    18. Re:Thank you! by ruir · · Score: 1

      Unless you have an HP netbook like I had where they whitelisted the wifi because that particular model was being used and bought to be used as an hackintosh... Idiots.

    19. Re:Thank you! by Tom · · Score: 1

      Perhaps someone else has something to add?

      It has a properly managed release cycle. For corporate installations, that's a real bonus. You can put it on a machine and schedule the update in your calendar, because you already know when it's going to be. And between those two dates, you can largely forget about it.

      --
      Assorted stuff I do sometimes: Lemuria.org
    20. Re:Thank you! by unixisc · · Score: 1

      Uh, the Intel Centrino WiFi is integrated onto the motherboard. That's the whole idea - one shouldn't need a dongle for it to work. With Linux, generally, WiFi support is better, but for some inexplicable reason, FBSD, despite having less license restrictions, can't get a WiFi driver - open OR closed - for this chip. And unlike NVIDIA, Intel is one of those companies that is happy to work with and on FOSS projects.

    21. Re:Thank you! by Tom · · Score: 1

      Frankly speaking I like the GPL more, but that's a personal preference.

      People who whine about it not being corporation friendly are either lying or they've never worked in a corporation. The licence management for all the commercial licenses is a much bigger hassle than the GPL, except for a few borderline case software development houses.

      --
      Assorted stuff I do sometimes: Lemuria.org
    22. Re:Thank you! by jeremyp · · Score: 2

      Perhaps someone else has something to add?

      7/ systemd doesn't run on it.

      --
      All I want is a secure system where it's easy to do anything I want. Is that too much to ask ~~ Randall Munroe
    23. Re:Thank you! by Anonymous Coward · · Score: 1

      "Seriously - is there anything that OpenBSD does better than ?"

      Snowden's NSA slides shows that every major OS were compromised, except OpenBSD. It was absent on all slides.

    24. Re: Thank you! by Anonymous Coward · · Score: 1

      ZFS does not _require_ much RAM. It has an very efficient disk cache, so if you have less RAM, the ZFS performance will degrade to disk speed. Which suffices for most people anyway. I have run ZFS for over a year on a (one) 1GB RAM, P4 for over a year without problems.

      The thing is, if you use ZFS deduplication then you need 1GB RAM for every TB disk space. Deduplication is not well implemented on ZFS right now, so avoid it. If you are not using deduplication, then 4GB RAM will be fine (with the caveat that ZFS performance degrades to disk speed).

    25. Re:Thank you! by gavinatkinson · · Score: 1

      FreeBSD has no wireless support for rare WiFi chipsets such as Intel's Centrino

      That's odd, because pretty much every laptop I have has a Centrino Wifi chipset, and it works fine. The laptop I'm using right now is FreeBSD and has a Centrino wifi chipset, the Intel Wireless-N 105. Associated with 802.11n as well, with no problems. Can OpenBSD do 11n yet?

    26. Re:Thank you! by gavinatkinson · · Score: 2

      FreeBSD developers don't use their own operating system; they run it in a Virtual machine on their Macs, and it shows.

      Not true. I'm using it right now.

      Suspend/resume has been broken there since 2008, and drivers for any recent Intel graphics adapter will not run (you cannot switch from Xorg to a console and back) properly.

      Not true, I can suspend/resume just fine, thanks. Your comment about not being able to switch between X and console suggests your knowledge is at least two years out of date. It was true for a short while in -CURRENT (the development branch) but never the case in a -RELEASE version.

      FreeBSD devs do not care about their OS; OpenBSD devs actually use their system.

      Also easily provably not true.

    27. Re:Thank you! by adri · · Score: 1

      Hi,

      I'm the wifi guy. Your post is misinformed. FreeBSD developers use their OS on non-server hardware. Everything you said above works. Even the wifi.

      https://twitter.com/encthenet/...

      You're very welcome!

      -adrian

    28. Re:Thank you! by adri · · Score: 1

      No, the problem is that we don't have as many active wifi developers as other projects, but the desire/need is still there.

      I now have a couple of people helping me chase down intel driver bugs and implement / port the 7260 driver from Linux/OpenBSD.

      -adrian, typing this on a freebsd laptop with a centrino wifi adaptor working just fine.

    29. Re:Thank you! by metrix007 · · Score: 1

      5/ OpenBSD assumes the world is a bad place. Linux is just hoping no one will do something bad.

      Yes, by barricading all doors and windows. In the event someone does get in to do something bad, there is very little in place to protect against it.

      No ACL, Auditing, MAC etc. Just very basic chroots and securelevels. Meh.

      --
      If you ignore ACs because they are anonymous - you're an idiot.
    30. Re:Thank you! by yosephi · · Score: 1

      This release sounds exciting. I've already installed 5.6 and am looking forward to exploring.

      AC, you should really do your research before spreading misinformation. I'm writing this response from a laptop (Lenovo X220) exclusively running FreeBSD 10.1 with an Intel HD Graphics 3000 that is fully supported. I have no problems going from Xorg to the console and back. Oh, and I suspended the laptop when I left work. At home I opened the lid and it was up and running within about 2 seconds. But, this story is about OpenBSD, so I'll stop there.

      jrm

    31. Re:Thank you! by Blaskowicz · · Score: 1

      I assume almost every laptop is using a Mini PCI express card, before that it was the bigger mini PCI.
      It's even become common on desktops such as mini-ITX motherboards and Intel NUC.
      You ought to have the wifi on a tiny user-accessible board unless you're using an Apple product or a tablet or a particularly integrated computer. Oh, Intel is working on that indeed.

    32. Re:Thank you! by fisted · · Score: 1

      Suspend/resume has been broken there since 2008, and drivers for any recent Intel graphics adapter will not run (you cannot switch from Xorg to a console and back) properly.

      [...] Your comment about not being able to switch between X and console suggests your knowledge is at least two years out of date. It was true for a short while in -CURRENT (the development branch) but never the case in a -RELEASE version.

      Not true, 10-RELEASE has this issue. I'm experiencing it first-hand, but to also quote your handbook:

      6.4.1. Caveats
      [...]
      Intel: as of FreeBSD 9.1, 3D acceleration on most Intel graphics, including IronLake, SandyBridge, and IvyBridge, is supported. Due to the current KMS implementation, it is not possible to switch between the graphical console and a virtual console using Crtl+Alt+F#.

      --
      CLI paste? paste.pr0.tips!
    33. Re:Thank you! by unixisc · · Score: 1

      How did you get wifi recognized on your FBSD?

  3. Systemd? by Anonymous Coward · · Score: 1

    I thought GNOME depends on systemd? Does OpenBSD come with systemd now?

    1. Re: Systemd? by Anonymous Coward · · Score: 1

      Fortunately!

    2. Re:Systemd? by Delicious+Pun · · Score: 3, Funny

      The best feature systemd has is that it is stuck in linux land. Let the kids have their bleeding edge shiny. Everyone else has the BSDs.

      Are you a systemd fanboy? I don't give a fuck what you think.

    3. Re:Systemd? by Anonymous Coward · · Score: 1

      Nothing wrong about 1970's Unix. It was great at the time; thing is, time changed.

    4. Re:Systemd? by plopez · · Score: 1

      It's now called OS X...

      --
      putting the 'B' in LGBTQ+
    5. Re: Systemd? by fnj · · Score: 3, Informative

      Has our AC determined whether Kerberos is in OpenBSD ports? I am reading "Kerberos has been removed from the base system. Kerberos support will be available via a package."

    6. Re: Systemd? by Anonymous Coward · · Score: 1

      Which is a huge different compared to being part of the supported base system. Packages in OpenBSD are basically supported on a best-effort, usually not at all if you're not using CURRENT and that's a no-go in this case. Sad to see it go, it's a great system. All I've really missed in it has been automatic binary updates. Installing updates by applying source patches can be somewhat time consuming.

    7. Re:Systemd? by eneville · · Score: 2

      If something works, what like gas guzzlers? Yeah, time has changed, it *is* possible to get more than 15mpg. However, systemd sucks right now.

      --
      Why UNIX?
    8. Re:Systemd? by Anonymous Coward · · Score: 1

      I can bolt new shit on to 70s cars as well. That doesn't mean they aren't still old cars.

    9. Re:Systemd? by unixisc · · Score: 2

      OS-X is not 1970's Unix by any stretch of imagination. It's a descendent of NeXTstep, or in other words, its base system is a descendant of Mach and BSD. Unix, as per the 70s definition, was SVR4.x. So the versions that were really Unix - until the Unix certification programs kicked in - were Solaris and SCO. BSD based Unixes didn't count - whether they were the original BSDs, or OSF/1, or SunOS or Ultrix.

    10. Re:Systemd? by iggymanz · · Score: 1

      hahaha, one of the desktop choices is GNOME 3.12, and no there isn't systemd

  4. pf by brynet · · Score: 5, Informative

    Also related, Peter N. M. Hansteen is auctioning off the first signed copy The Book of PF, 3rd edition. He will be supporting the OpenBSD project by donating the amount raised to the OpenBSD Foundation.

    http://bsdly.blogspot.com/2014...

  5. Thank you! by sunderland56 · · Score: 2, Interesting

    [Citation needed]

    Seriously - is there anything that OpenBSD does better than ?

    Internet slide shows suck, but a "10 reasons OpenBSD is better than linux" would help out a lot here.

  6. Rde of the Valkyries? by plopez · · Score: 5, Funny

    Seriously? The last ditch and unsuccessful attempt by the forces of heaven to prevent the destruction of Valhalla is not a good omen. The forces of good are overwhelmed by the forces of evil despite heroic efforts. I think Carl Jung pointed out that the Norse mythos was the only one he knew of where good does not triumph in the end. Or perhaps it was a reference to 'Apocalypse Now'. In ether case, as I said, not a good omen.

    --
    putting the 'B' in LGBTQ+
    1. Re:Rde of the Valkyries? by plopez · · Score: 5, Funny

      I don't think frost giants are good in any mythology.

      --
      putting the 'B' in LGBTQ+
    2. Re:Rde of the Valkyries? by geminidomino · · Score: 3, Interesting

      I'm not sure about Wagner's operas, but don't forget the end of the Ragnarok myth: Yes, the 9 worlds are frozen in a relentless year-long winter, then destroyed in a war where gods and ettins alike are almost completely wiped out, it's pretty glum stuff. But after that's all over, you've got the two people hiding in the world tree who come out, meet Baldur and Hodr (now back from the dead) and Thor's kids, and start over.

      It's like finally being able to throw out that crufty old pascal code-base and re-write it in $WHATEVER_LANGUAGE_YOU_WANT_THAT_DOESNT_START_A_FLAMEWAR. Not a bad omen at all. :)

    3. Re: Rde of the Valkyries? by jd · · Score: 2

      Apparently, they're the good guys in the Book of the Three Letter Agencies.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    4. Re:Rde of the Valkyries? by fustakrakich · · Score: 1

      Kill the wabbit!

      --
      “He’s not deformed, he’s just drunk!”
  7. Removed sendmail ... smtpd is the MTA by fnj · · Score: 5, Insightful

    Just about EVERY SMTP MTA is named "smtpd". Sendmail's is, but so it Postfix', and so is OpenSMTPD's.

    In case anyone wants to know, OpenSMTPD replaces sendmail as the default MTA in OpenBSD 5.6. Now how hard was that, to actually state a piece of useful information instead of a nonsense phrase conveying nothing?

    1. Re:Removed sendmail ... smtpd is the MTA by ZorkZero · · Score: 1

      Umm, sendmail's process is called 'sendmail', postfix has no process called 'smtpd'.

  8. Thank you! by Anonymous Coward · · Score: 5, Interesting

    1. OpenBSD supports laptops, specifically Thinkpads, better than any other operating system not called Windows. Suspend/resume works, instantly.
    2. Does not require PulseAudio, but can still output multiple channels from multiple apps at the same time. This was always a problem with ALSA.
    3. PF is a lot easier to configure than ipfw. It is the firewall of OSX.
    4. Man pages for EVERYTHING.
    5. A simple init system. Whether or not it is better than systemd is debatable.
    6. Not tied to any one desktop environment. Gnome 3.x is well-supported, but not requisite for anything.
    7. The first place you will find updates for new wireless cards, OpenSSH, LibreSSL, libc (Android actually uses this instead of glibc).
    8. Full disk encryption without requiring an unencrypted boot partition, unlike Linux.
    9. Simple, text-based config files.
    10. No need for HAL or *Kit or whatever flavour of the week abstraction layer is needed for interfacing with your hardware.

    OpenBSD is not for everybody; there is a steep learning curve and a lot of software is not supported. But if you need a simple operating system that doesn't change much from release to release, it's worth checking out. If you are looking for an alternative to systemd (which I honestly have no problem with), check out OpenBSD before checking out FreeBSD, and I cannot stress this enough. FreeBSD developers don't use their own operating system; they run it in a Virtual machine on their Macs, and it shows. Suspend/resume has been broken there since 2008, and drivers for any recent Intel graphics adapter will not run (you cannot switch from Xorg to a console and back) properly. FreeBSD devs do not care about their OS; OpenBSD devs actually use their system.

  9. Packed my bags by Anonymous Coward · · Score: 3, Interesting

    When they introduced that SystemD trash in Linux, I packed my bags and moved to OpenBSD. Have not looked back.

    1. Re:Packed my bags by Anonymous Coward · · Score: 1

      Yep, same here. So long, and thanks for all the penguins.

  10. Re:Does it fix the performance issues? by Anonymous Coward · · Score: 1

    I run OpenBSD on some computers from the early 1990s without any performance problems.

    Sure if you're hoping to play a real-time FPS at 4k you're probably out of luck, but for networking or just as a regular laptop with chrome I don't have any problems. Please state some facts about what you're finding to be slow instead of making unsubstantiated claims.

  11. Re:Apache by fnj · · Score: 3, Insightful

    what's the big deal whether something is in base or ports? it's the same team that maintains things.

    If you say it's the same team that works on bases system and ports, then I don't have the knowledge to take issue with that. I would not have guessed so, though.

    At any rate, OpenBSD has this to say: "The ports & packages collection does NOT go through the thorough security audit that OpenBSD follows. Although we strive to keep the quality of the packages collection high, we just do not have enough human resources to ensure the same level of robustness and security."

    I think it's a pretty big deal.

  12. httpd by Anonymous Coward · · Score: 1

    They also removed apache from the base OS and added their own httpd in this release.

  13. Re:Does it fix the performance issues? by Anonymous Coward · · Score: 1

    blah blah blah. still no hard facts. blah blah blah.

    ps. i've tried linux and freebsd for years. linux may be fast but what good is fast if you can't trust the results due to buggy code. I know exactly what I'm "missing out" on.

  14. Re: Apache by Anonymous Coward · · Score: 1

    It's not so cut and dry. That warning is more about not blindly trusting stuff in ports. There are some things in base that are really written by the OpenBSD team and some things that are integrated from 3rd parties. For example I bet that gcc in base is not particularly as well audited as code that originated from the openbsd team like libc or the kernel. And there are some things in ports that are incredibly well audited. The biggest problem is that there is a gazillion times more code in ports so a team of 100 people can't reasonably be expected to read every single line there. but Lynx, Apache etc in ports that are actually used by devs probably get more scrutiny than other ports that might not be widely used by devs.

  15. Re:Does it fix the performance issues? by x0ra · · Score: 1

    "simplicity and security" are merely excuses to compensate for the lack of manpower.

  16. Re:Does it fix the performance issues? by TheRaven64 · · Score: 2, Interesting

    OpenBSD's malloc implementation is noticeably slower than anyone else's. It is, however, more likely to make certain categories of memory management error crash the program (rather than leaving it in a state where an attacker might be able to exploit the bug). Unfortunately, most modern exploit techniques don't rely on the invariants that OpenBSD's malloc() breaks, so you end up paying the performance cost without getting much by way of security gain (unless your attacker is a script kiddie who is using 5-year-old scripts).

    --
    I am TheRaven on Soylent News
  17. Re:Does it fix the performance issues? by Anonymous Coward · · Score: 1

    Do you have any benchmarks? Last I read it is only like 2-5% slower than other OS's malloc. As a developer I find testing on OpenBSD very useful. If I can get my app to run there with all the memory and sanity checks then I feel better about my app having fewer bugs.

    btw, I know there are ways to cirucumvent each of the memory protection techniques used by OpenBSD in isolation, but as far as I know there is no way to circumvent things if all the techniques are used at the same time. So I'm not sure I agree with you that there isn't much security gain. I especially like their recent addition of the stack shuffle switch to the compiler. I've been using it on my app.

  18. Thank you! by dbuckman · · Score: 4, Informative

    I second the thank you to the developers.

    What I like about OpenBSD.

    There are no black boxes. I can do a "ps aux" and very easily understand every process that is running and it only takes up one page on the terminal. I use linux for my desktop/laptop and it is great for that but there are pages of processes running and I have to hunt to figure out what some of them are. If I want to understand the boot process it is well documented and I can edit a few files and figure it out.

    PF. PF is a great firewall with some amazing features.

    Secure. Again only processes running that I want running.

    Small footprint. I just downloaded the 5.6 AMD64 iso. 227mb. It got smaller from 5.5 to 5.6. You never see that.

    I find it a pleaser to work with. It doesn't make a lot of assumptions for you. Easy install. Give it a try.

  19. Re:Does it fix the performance issues? by Anonymous Coward · · Score: 1

    How can you do a security audit on something complex? I don't think it's an excuse, I think it's totally reasonable. For example take a look at Bernstein's crypto library which OpenBSD makes use of. Bernstein (who many consider a genius) specifically designed the library to remove the many knobs that other libraries include. And he did this specifically to increase simplicity, thereby being easier to audit and therefore more chance of actually being secure.

    I don't buy your argument one bit.

  20. What are the limitations of OpenBSD? by walterbyrd · · Score: 1

    I'm guessing it's the apps. OpenBSD is probably great for servers, but does not have all the desktop apps as Linux.

    Or, maybe I'm wrong.

    I am really hating Red Hat's hostile takeover of Linux. I may consider a BSD.

    1. Re:What are the limitations of OpenBSD? by nawcom · · Score: 1

      It comes down to if the desktop app has a Linux-specific dependency. X11 with GTK+/Qt/etc aren't limited to Linux. Something like Gparted is another story for obvious reasons. Virtualization support is another issue. But if you're asking if you can run XFCE/KDE/GNOME/whatever with Firefox/OpenOffice/the usual X11 apps that casual Linux users use, yes it can. However, don't expect equal graphics card support in X11 compared to Linux and even FreeBSD. Take a look in OpenBSD ports if you're curious about something specific. There's probably a number of less-popular apps that aren't in there that would compile just fine; some will probably require a change in the resulting Makefile here and there. As stated in above comments, there are people who use it as a main desktop OS for their laptops.

  21. Re:Does it fix the performance issues? by Anonymous Coward · · Score: 1

    If you claim OpenBSD malloc is inferior to other OSes, how do you explain OpenBSD as the more secure OS out there? On Snowdens NSA slides, OpenBSD were noticeably absent on all slides. All major OSes were compromised, except OpenBSD. That's a fact. OpenBSD is safer than Windows or Linux. NSA can not get into OpenBSD servers.

  22. Re:Does it fix the performance issues? by TheRaven64 · · Score: 1

    It's been a few years since I did any benchmarking, but back then it was 10-20% slower than jemalloc (the FreeBSD default malloc). Some of the slowdown was hidden in microbenchmarks (worse memory fragmentation, so more cache misses after programs have been running for a while), but anything that did a lot of memory allocation - especially short-lived allocations - was noticeably slower. Unfortunately, this is the kind of overhead that encourages people like the OpenSSL devs to ship their own buggy allocators to avoid the overhead of the system one.

    --
    I am TheRaven on Soylent News
  23. Re:Does it fix the performance issues? by TheRaven64 · · Score: 1

    If you claim OpenBSD malloc is inferior to other OSes, how do you explain OpenBSD as the more secure OS out there?

    I said it was slower, not inferior. It does provide slightly better safety, but if you've got a targeted attacker then you can still bypass the protections.

    On Snowdens NSA slides, OpenBSD were noticeably absent on all slides

    So were ReactOS and Haiku. OpenBSD most likely doesn't have enough market share for the NSA to care about. Things like the OpenSSL vulnerabilities that they knew about all worked fine on OpenBSD, so there was no point in investing effort in finding OpenBSD-specific exploits.

    You'll also notice that OpenBSD hasn't shown up in publications in top-tier security conferences much for five or so years - exploit mitigation targets in other systems were more interesting to try to break.

    --
    I am TheRaven on Soylent News
  24. Re:Does it fix the performance issues? by TheRaven64 · · Score: 1

    No, I mean that they broke the ones that OpenBSD comes with and OpenBSD hasn't added new ones for years. They're no longer interesting as a target for security research.

    --
    I am TheRaven on Soylent News
  25. Re:Does it fix the performance issues? by iggymanz · · Score: 1

    wrong, developers of your bloated Gnu/Linux distro of choice are using OpemBSD project code to compensate for lack of ability in key areas such as security.