Slashdot Mirror
OpenBSD 6.3 Released (marc.info)
OpenBSD announced on Monday that v6.3 update, which was slated to be released on April 15, is ready for download. From the announcement post: This is our 44th release. We remain proud of OpenBSD's record of more than twenty years with only two remote holes in the default install. As in our previous releases, 6.3 provides significant improvements, including new features, in nearly all areas of the system. You can read about the changes and improvements here.
The base system has the C compiler and related tools, X11 with three window manglers (twm, cwm, and fvwm), xterm, and two text editors (vi and mg (for the emacs fans)). It has is own SSH, SMTP, and HTTP daemons, though these must be configured and enabled. You can do more than you think with a base install.
Among all the current Unix-like operating systems out there, OpenBSD remains the most true to the traditional Unix philosophy. Their level of commitment to code quality and good documentation is, frankly, foreign to the Linux world these days. They've done a huge amount of excellent work over the years and if their philosophy sounds interesting to you, I urge you to check it out and donate.
Why does the submission link to someone’s “congratulations” email response instead of the original email announcement... or the web posting about the release itself?
https://www.openbsd.org/63.htm...
#DeleteChrome
This is all fine and good but APK's hosts file engine doesn't run on it so it can't ever be secure.
POSIX, motherfucker! Are you compatible?!
Much like the Linux world which is almost entirely based on two derivatives (Debian and Redhat), the BSD world is mostly the same, the two primary derivatives are FreeBSD and OpenBSD. FreeBSD has by far and away the largest user base of the two, and the most commercial support backing it as well.
two holes in an install with zero packages that can do nothing but ssh yay?
Actually a common use for OpenBSD is a firewall and/or router. Built-in packages accomplish these and other infrastructure roles. Thus making the internet a safer place to tread for Linux boxes with whatever is the fad-of-the-moment development stack. ;-)
systemd... nice troll!
Don't forget NetBSD, which is also a very good BSD.
The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
The second most popular distro on distrowatch.com is Manjaro, which is based on Arch. A challenger appears!
According to their info Manjaro is based on Arch Linux, which is probably the 3rd most popular branch of Linux right now.
They seem to be pretty proud of being able to keep two remote bugs for 20 years. One would think they'd fix them instead of boasting about them for so long. I mean, other OS's probably have more for longer to brag about.
It depends on your use case. For me systemD has no benefits, though, admittedly, few drawbacks as an init system. Unfortunately, it's difficult to uncouple the init system from the rest. And, e.g., I dislike logs that aren't text based (or have they finally fixed the bugs in that piece...last I heard it was "won't fix").
I think we've pushed this "anyone can grow up to be president" thing too far.
Well, MSWindows 95A was pretty secure if you didn't insert any corrupted disks locally.
Outside of that I think that OpenBSD is generally considered the most secure. Of course, if you want it to be really secure you write protect the system partition after you install it. (This generally means, in Linux, that you need to create a bunch of hard links from your system partition to another partition that you allow writes to, so that, e.g., the /tmp directory can be written to. I'm not sure anymore what the BSD equivalent to that is. It's been too many decades since I used it. (I was the system operator/administrator/IT department for an Altos i386 Unix box running some sort of BSD Unix...but that was in the days when the i386 was new.)
I think we've pushed this "anyone can grow up to be president" thing too far.
If you read the release notes you'd notice that this release talks about improved multi-core support. So they must already have it.
I think we've pushed this "anyone can grow up to be president" thing too far.
If I r00t your b0x the last thing I am going to do is leave evidence in /var/logs.
Binary logs are a feature for this reason
http://saveie6.com/
Trusted Solaris isn't so much secure as it was Common Criteria evaluated. Security is also not Dragonfly BSD's focus, so I am curious as to why it would be mentioned. OpenBSD is, of course, an option, and if security is a primary concern, it is a perfectly good choice. I would also suggest HardenedBSD, if you would like to have the features (ZFS, DTrace, Jails) of FreeBSD coupled with security improvements based on the PaX/GRSecurity design.
NetBSD also has PaX-style memory hardening, btw. OpenBSD's userland W^X works quite differently (and will make programs abort at mmap time, rather than mapping a page as write-only and dying if it is written to).
Are all BSDs created equally?
https://media.ccc.de/v/34c3-89...
Has some code review, fuzzing, runtime testing on all 3 major BSD distributions.
Domestic spying is now "Benign Information Gathering"
Good point.
I've used it since the late 90's. I'm sure there are more assholes than Theo and I using it.
Trolling is a art,
Could you please check HBO's site to see if season 2 of Westworld is out yet? It's scheduled for April 22.
Trolling is a art,
OpenBSD has had MP for many years.
Trolling is a art,
You're running ssh? Do you not care about security?!
“Common sense is not so common.” — Voltaire
OpenBSD uses a very primitive form of multicore support called "cooperative multiprocessing" as opposed to modern multiprocessing known as "preemptive" multi-processing. OpenBSDs multitasking is simiilar to what was available on the old Mac 68K machines. The problem with OpenBSD's method is that one misbehaved application can hog all the resources and cause OpenBSD to crash.
Phoronix.com did a comparison of all the BSD and Linux variants and OpenBSD came in last. FreeBSD did marginally better. Although nowhere near as capable as the Linux kernels, the Dragonflybsd put in a very strong showing, beating all the other BSD variants. These days OpenBSD is pretty much a curiosity without a strong Internet presence.
We all can attest to Netcraft's skill in analyzing the operating system landscape. The Netcraft September 2017 Survey is quite frank about the dismal state of BSD. The only mention of any BSD is FreeBSD which they say has fallen to barely registering on real world networks. And everyone knows how far, far behind OpenBSD is from FreeBSD. I
Afaik systemd only provides binary logs, but also afaik redhat, debian and derivatives also installs rsyslog in the default install providing text logs. Curious to know what distro you've come across that has binary logs only?
Unfortunately, it's difficult to uncouple the init system from the rest. And, e.g., I dislike logs that aren't text based (or have they finally fixed the bugs in that piece...last I heard it was "won't fix").
It's not that "difficult" to remove systemd: a lot of Linux distributions do that, like Slackware, Devuan, and Gentoo, just to name the biggest three.
And, yes, binary logs suck, and systemd developpers are a bunch of whiny little bitches, with no understanding or appreciation for UNIX philosophy and history (hence, the appeal of the BSDs, where things are closer to what they used to be).
At this stage, honestly, I'd like to have solid numbers on, say, the number of times Debian has been downloaded vs Devuan, for instance, but I suspect the vast majority of today's sysadmins blindly go with whatever Red Hat/CentOS decides, because, hey, it's Red Hat, and no one has ever been fired for buying that crap. Hence the appeal, for a minority, of the BSDs.
The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
It has been overtaken by "Windows is dying" posts.
Sent from my ASR33 using ASCII
Another asshole here.
I would not use distro downloads as an indicator of systemd being used. I have been using my farm of Debian Linux servers in Debian 8 and 9 *without* systemd.
This was modded down? No sense of humor these modern /.'s
There are multiple Gentoo and Slackware derivatives as well. I've used and loved Gentoo for over a decade now. AFAIK, systemd is optional on both (though I don't think Gnome will run properly without it).
Nonaggression works!
No love for Suse?
Cheap storage VM.
... Except, of course, that if you are "root" on *any* box, systemd or not, you will be able to delete any logs you'd like, binary of plain text (journald anyone?).
So what was your point again? Ah, yes, displaying your total ignorance. Mission Accomplished!
The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
The last time I checked there was a package that was supposed to produce text logs in addition to the binary logs, but it was broken. Not in all cases, but often enough. And the bug had been there for long enough to get marked "won't fix". I haven't followed the matter since then, however....
That "won't fix" rather soured me on the entire systemD approach. Since it provides me with absolutely no benefits, it didn't take much in the way of defects to cause me to wish it would just go away. (And there were a few other defects in the early days, but they eventually fixed those, or at least I stopped noticing them.)
But as far as I am concerned systemD is an overly complex "solution" the something that wasn't a problem to me. It's ancillary modules, however, have repeatedly been annoying, and occasionally caused severe problems. That I worked around them hasn't made me think highly of systemD, because it has absolutely no benefits to me.
I think we've pushed this "anyone can grow up to be president" thing too far.
Systemd does not produce text logs, and that would be a wontfix as they seemingly consider it a feature. Rsyslog is not part of systemd, produces textlogs and is installed by default in every distribution that I know of.
That may well be the reason, but it doesn't make me think any more highly of them.
I think we've pushed this "anyone can grow up to be president" thing too far.
Of course, if you want it to be really secure you write protect the system partition after you install it. (This generally means, in Linux, that you need to create a bunch of hard links from your system partition to another partition that you allow writes to, so that, e.g., the /tmp directory can be written to. I'm not sure anymore what the BSD equivalent to that is.
It's called different mount points. And on Linux, I doubt the super user cannot just remount the partition read-write again (don't know about OpenBSD, but NetBSD prevents this with the securelevel concept)
Hard links won't help you in any way.
CLI paste? paste.pr0.tips!