Slashdot Mirror

← Back to Stories (view on slashdot.org)

OpenBSD 2.6 released

Posted by Nik on from the 'evening-all dept.

Lots of you wrote in with this -- we've been holding back at Theo's request until the CDs were available, but OpenBSD 2.6 is now released and available from the FTP sites, or by ordering CDs. There are lots of technical enhancements to this release (which are detailed below), and if they don't grab you, check out the very cool CD cover art.

The complete list of changes to 2.6 is too long to list here. However, some of the highlights are:

  • Add ssh (OpenSSH) to the base system
  • Reliability patches for the PowerPC port
  • Improved support for ext2fs
  • Perl 5.005_03 in the base system
  • Support Joliet filesystems
  • More security fixes
  • USB support
  • Fixes to the ATAPI support
  • Speed up the install process
  • Many manual page updates

and much more.

4 of 228 comments (clear)

  1. The significance of this... by Matt+Bridges · · Score: 5

    As OpenBSD has been a lesser-known OS for a while, I am writing this post to tell any newcomers what it is all about. While to many this may seem like just another software release, anyone who has watched cryptography and security in general and OpenBSD in particular knows that this will have major significance throughout the industry. It may not be immediately apparant, or even obvious, but it will be important for the follwing reasons: 1. With the recent anti-cryptography crackdowns by the US government (see the article below this one on the investigation of William Simpson), having a complete system of VERY strong cryptography coming from outside our national borders, such as OpenBSD, will significantly weaken our government's efforts to stop cryptography. 2. OpenBSD is apparantly the only major OS that truly follows the saying, "Security is a process, not a product." Personally (and I know there will be much debate on this, possibly even flames), I believe that everyone from the Linux contributors to Sun (makers of Solaris) to, of course, Microsoft, could learn from the example of the OpenBSD team. For those of you unfamiliar with OpenBSD, here are a few examples of how the emphasis in this OS is almost entirely on security: A. Line-by-line security audit of *everything* that goes on the CD. B. Strong cryptography is built in on the most basic system level. C. All aspects of the default setup have undergone rigorous security testing. OpenBSD is, to the best of my knowledge, the only OS that can legitimately claim to be secure right out of the box. All of these factors combined have set a standard that the rest of the industry has yet to meet. Eventually, security will be seen as something not to be expected, but demanded in a product, and the OpenBSD philosophy will serve as a model for this shift. 3. Because many security flaws (such as potential buffer overflows) can cause security-unrelated crashes, the line-by-line audit also resulted in remarkable stability beyond just the security. I think we can all think of a certain software company that could learn from this example. 4. The overall view of the OpenBSD team that security as not just something that happens over time and numerous patches, but rather something to get right the first time, must be adopted by the rest of the industry as soon as possible. Anything less will hold back the advance of the Internet unacceptably. I hope that this has helped some newcomers to the OpenBSD world understand the underlying philosophy of this wonderful OS.

  2. Quick answers by Anonymous Coward · · Score: 5
    1.Is OpenBSD more secure in some fundamental way that a well maintained Linux distribution?

    Without a doubt. Use RedHat as an example - out of the box, it is shamefully exposed.

    It is perfectly reasonable to assume that a linux distribution could be made as secure as OpenBSD, if the effort was made

    2.Is OpenBSD more stable than a well maintained Linux distribution?

    Generally speaking, both are considered stable enough to not make it a significant issue, although the increased competition in the linux distro market will force more frequent releases and less testing. Look at the flack Debian is catching for their slower release schedule.

    3.Will the OpenSource software we normally need (firewall, Apache, PHP4, Perl, Python) and so on probably compile on OpenBSD?

    Of course. There is no question that the packages you mention will work well on OpenBSD. Some of the packages you mention are developed on a BSD variant.

    4.Does OpenBSD have something like clustering support (Beowulf) and failover?

    No.

    5.Is the performance of a well maintained OpenBSD system better than a well maintained Linux distribution?

    This really depends on what you are doing. For network performance, I put my chips on BSD. For other system functionality (disk throughput, etc.), linux may be better. It really depends on the type of application.

    6.Does Linux have anything like the one time use password system?

    No.

    7.Does OpenBSD support multiple CPU's

    The BSD's are making some inroads with SMP, but linux is out ahead.

  3. Re:OpenBSD and Linux - compare? by ninjaz · · Score: 5
    These systems will be running the server software they need, and X11 + (Gnome||KDE) for administration and so on.
    I think X/(Gnome|KDE) a bad idea on a network server regardless of the operating system. My reasons for thinking it's a bad idea are:
    • video hardware (& its drivers) tends to be one of the touchiest areas of a system, best avoided if you're not using it as a workstation,
    • You're wasting resources that could be used for serving on your X environment (especially with some of those new-fangled screensavers ;)
    • It's better to understand configuring the system the *right* way - via the command-line tools and configuration files. That way, you can keep multiple versions in case something goes wrong and you need to back out a change.
    Now, with that out of the way..
    Is OpenBSD more secure in some fundamental way that a well maintained Linux distribution?
    The audits of source code would seem to imply that. If you'd like some data on the subject, visit the vulnerabilities section of http://www.securityfocus.com/ Have it show you the vulnerabilities of OpenBSD and of a few Linux distros so you can compare. Of course, unless you're allowing shell accounts, the external (network) security of either mostly depends on what daemons you're running and how they're configured.
    Is OpenBSD more stable than a well maintained Linux distribution?
    Both a well-maintained Linux server and a well-maintained OpenBSD server should be stable. There may be less scheduled downtime with OpenBSD if there's a kernel-related security issue in Linux, but in my experience with OpenBSD, NetBSD, FreeBSD, Linux and Solaris, all of them have been stable (current standard uptimes here around 6 months).
    Will the OpenSource software we normally need (firewall, Apache, PHP4, Perl, Python) and so on probably compile on OpenBSD?
    Yes, and /usr/ports/ is there in case a change does need to be made to something for it to compile (i.e., the patches are automatically applied when you type make
    Does OpenBSD support multiple CPU's better then Linux?
    No, it doesn't support them at all. If you want multi-cpu support with a *BSD, try FreeBSD.

    One thing that BSD is currently very helpful with on the x86 architecture is large file support. The Linux limit is 2gb, so your MySQL databases are limited to that size.

  4. Natedawg's OpenBSD 2.6 installation report by NatePuri · · Score: 4

    Well, I just finished installing OpenBSD 2.6 Nov. 30 snapshot (which would probably be pretty damn close to the release if not identical. OBSD developers can chime in if I'm wrong.

    Here's what I have.

    1. Dell Inspiron 3000 notebook PC
    2. ~144 MEG RAM
    3. 200 Mhz Pentium (i586)
    4. Neomagic Magicgraph 128
    5. Linksys 10/100 PCMCIA NIC
    6. Megahertz cellular modem
    7. 13' 800x600 display capable of 24bpp


    With a few minor adjustments to BIOS (i.e., changing from the settings I had with Linux and FreeBSD on the same machine to switch IRQs for my serial devices, PCMCIA was supported by the default install floppy.)
    I had installed OpenBSD 2.5 and gave up on it, because I needed a working system in short order and did not have time for the learning curve, so I was used to the partioning scheme.

    Here's my secret recipe for OpenBSD's partioning scheme: Go download kern.flp and mfsroot.flp from FreeBSD's site and boot those. Pick the 'Novice' install, which will then lead you to FreeBSD's partitioning which is automatic. Then after FreeBSD is done doing the newffs on your HD, pop out the floppy, pop in the OpenBSD install floppy and reboot.

    Then when OpenBSD asks you for partioning, it's already done, and you can just change the labels and mount points with 'p' to see your partitions and 'n' to rename them.

    boom bam bing... *woop* there it is. Reboot.

    X11R6 was easily configured now that Neomagic is well supported in 3.3.5. APM is well supported in both BSDs.

    Brief performance review.

    In a nutshell, OpenBSD is slightly slower than FreeBSD on the same hardware, which was slightly slower (but not much) than Debian GNU/Linux on the same hardware. Here are the applications I run always. I'm a law student, so my main needs are text editing, archiving and searching.
    1. Bash 2.03
    2. WindowMaker 0.61.1
    3. Wterm xxxx
    4. Midnight Commander
    5. Nedit
    6. Mutt
    7. GnuPG 1.0/PGP 2.6.3
    8. OpenSSH (now running on FreeBSD and Debian)
    9. WordPerfect (w/ linux_lib) (runs flawlessly on all OS's).
    10. glimpse
    11. Navigator 4.61
    12. Lynx-SSL
    13. MagicPoint (presentations)
    14. xlockmore (stop staring over my shoulder! I know my desktop looks better than yours, go away)


    Whenever I test a system, I always use my laptop b/c it's what I like to use most, and my goals are to have X, pcmcia, and apm running flawlessly.

    In Debian, X and pcmcia worked great, but when I would suspend my box I would have problems with pcmcia modules and would have to insmod them or rmmod them and re-insmod them. This was an annoyance. I eventually got a hold of a script that allowed me to disable pcmcia before suspending. I would then have to run the script again to reinitialize pcmcia; I quickly grew tired of this.

    Enter FreeBSd 3.3. Went and bought it, and downloaded the PAO install floppies and the PAOBIN pcmcia drivers. This was very nice and great, I loved everything about FreeBSD except for one thing, the pcmcia drivers seemed to treat my pccard as a 10baseT rather than 100. That kind of sucked. I knew eventually my legal work would require an IPSec network so I moved on (I highly recommend FreeBSD). It suspended and resumed like a breeze, the clock had not lag upon resume, and the pcmcia daemon reinitialized all pccards excellently. Very Nice. And FreeBSD has the best collection of applications for GNUstep of any Unix I've seen (much better than the Linuxes I've used).

    Enter OpenBSD 2.6.

    Yesterday I downloaded and installed OpenBSD. Everything that applies to FreeBSD applies to OpenBSD except in OpenBSD my pcmcia card is supported better (I have full bandwidth on my LAN). APM, etc are excellent.

    Drawbacks. I miss my FreeBSD WMaker desktop! But I think the FreeBSD ports I want will work on OBSD so that I can have the best of both worlds.

    OBSD's ports collection is not as vast as FreeBSD's, and it's package collection is no where near that of a Debian or Red Hat. But that is for a reason. What you get is secure, and they have everything you *really* need. All the applications I mentioned above that I use on a daily basis are all in OBSD with the exception of Midnight Commander, which I will try to make use of FreeBSD's port. I will also try to make wmapm, wmnet, and wmmon from FreeBSD work in OpenBSD, then I will be quite satisfied.

    Speed. There is a noticable speed reduction with OpenBSD. It is not as optimized for my hardware as FreeBSD was. But my hardware is not all that spectacular anyway so it was never all that fast to begin with. Compile times are roughly the same. However, for some reason X has never performed better, even with FreeBSD. Opaque moves have no hint of jerkiness

    Bonus. OpenBSD recognized my sound card! This is new. If I can make that work, I'll really be an OpenBSD fanatic. Another added bonus is mount_ext2fs. This allows floppy transfers from Linux to OBSD, something that FreBSD does not have yet.

    In sum, OpenBSD is perfect for a Desktop OS if data security is really really important to you (i.e., if you carry confidential material on your laptop around with you). There's enough applications for document creation that you could need, and with linux_lib all things linux are possible. And binary compat with all other BSD's is there as well. OpenBSD is solid, super secure, and I'm breathing easier now that I know my client materials are under the blowfish ;).

    Later y'all.