Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

OpenBSD 4.7 Released

timothy posted more than 4 years ago | from the inexorable-and-dedicated dept.

Operating Systems 143

An anonymous reader writes "The release of OpenBSD 4.7 was announced today. Included in this release are support for more wireless cards, the loongson platform, pf improvements, many midlayer filesystem improvements including a new dynamic buffer cache, dynamic VFS name cache rewrite and NFS client stability fixes, routing daemon improvements including the new MPLS label distribution protocol daemon (ldpd) and over 5,800 packages. Please help support the project by ordering your copy today!"

cancel ×

143 comments

Sorry! There are no comments related to the filter you selected.

Yeah, so... (-1, Troll)

Anonymous Coward | more than 4 years ago | (#32269082)

What is the release song called? Is Theo still an obnoxious little shit?

Maybe... (1)

Lunix Nutcase (1092239) | more than 4 years ago | (#32269830)

Cool story, brah.

The Insecurity of OpenBSD (1, Interesting)

Torino (1813872) | more than 4 years ago | (#32269120)

This is the story Slashdot should have included to run.

The insecurity of OpenBSD [osnews.com]

A criticism of the OpenBSD security philosophy is performed, along with an examination of the claims made regarding the project. In particular their rejection of any advanced access control framework is examined. A well researched and well written article, followed by over 200 comments that are also worth reading.

Re:The Insecurity of OpenBSD (0)

Jorl17 (1716772) | more than 4 years ago | (#32269194)

I think this should be modded up. It isn't criticism, it's looking inside a system -- thinking about it, analyzing it and attempting to improve it.

Re:The Insecurity of OpenBSD (0)

DrSkwid (118965) | more than 4 years ago | (#32270018)

Isn't giving a critique the definition of critisism ?

Re:The Insecurity of OpenBSD (1)

Torino (1813872) | more than 4 years ago | (#32269196)

How is this Flamebait? It is an interesting article, and I would like to see it discussed. Don't be put of the title, it is not saying OpenBSD is insecure.

Re:The Insecurity of OpenBSD (4, Informative)

bhima (46039) | more than 4 years ago | (#32269562)

Oh come on now... The title is inflammatory and tone is combative. Unsurprisingly the discussion at guy's blog degenerates pretty quickly.

I don't really disagree with most of his central points: Secure by default isn't really useful to most people; OpenBSD needs more security features than older UNIX ones; and the OpenBSD team does themselves a huge disservice with their "not invented here" syndrome... But really the whole thing could be been written with a more professional tone and fostered a lot more constructive discussion.

Re:The Insecurity of OpenBSD (2, Interesting)

Torino (1813872) | more than 4 years ago | (#32270236)

I don't think the title is inflamatory despite the fact it will inevitably be taken that way.

He is talking about what prevents OpenBSD from being a secure system for the points you mention.

I found the discussion on the blog quite interesting aside from the insults, which are a minority

"not invented here" syndrome (2, Interesting)

Anonymous Coward | more than 4 years ago | (#32271738)

The things that are pioneered by OpenBSD, often make their way to everywhere else.
So, ahem, it IS invented in OpenBSD.

Re:The Insecurity of OpenBSD (-1, Troll)

Anonymous Coward | more than 4 years ago | (#32269230)

I like how you link to the osnews stub rather than the actual article in a pathetic effort to cover up the fact that it's a nonsensical blog post by a moron (probably you).

Re:The Insecurity of OpenBSD (1)

magellanic (689252) | more than 4 years ago | (#32270416)

That article has been posted several times on *BSD mailing lists and is hardly relevant to the release of a new version.

I wonder if an article criticizing the security of Slashdot's darling OS, Linux, would receive such positive moderation on a release story.

Re:The Insecurity of OpenBSD (1)

Torino (1813872) | more than 4 years ago | (#32270518)

Slashdot regularly runs stories criticizing Linux's security,

For some reason they refused to run this one, so I thought it would be good to draw attention to it on a related story.

Re:The Insecurity of OpenBSD (1)

Lunix Nutcase (1092239) | more than 4 years ago | (#32270610)

Slashdot regularly runs stories criticizing Linux's security,

So they regularly run such stories and yet not a single one appears after going back more than a month through the Linux section?

Re:The Insecurity of OpenBSD (0)

Anonymous Coward | more than 4 years ago | (#32270704)

It's kind of pointless to criticize lunix; the result is always the same: "but windows is worse!"

Re:The Insecurity of OpenBSD (1)

Sir_Lewk (967686) | more than 4 years ago | (#32272936)

Most of us have been reading slashdot long enough that "several times a year" qualifies as sufficiently regular.

In other words: get off my fucking lawn.

Re:The Insecurity of OpenBSD (2, Interesting)

Lunix Nutcase (1092239) | more than 4 years ago | (#32274490)

Most of us have been reading slashdot long enough that "several times a year" qualifies as sufficiently regular.

And yet going back even farther to more than 6 months I've yet to see a single one of those supposed articles that criticize Linux security. Care to actually link to even a single article that isn't more than a year old?

Re:The Insecurity of OpenBSD (2, Interesting)

magellanic (689252) | more than 4 years ago | (#32270808)

Maybe if the article had any real merit, instead of making stupid statements that aren't true.

It's a shame the author's love affair with MAC can't help him write a decent article.

I wonder how many installations of Linux have SELinux disabled because it broke something.

Re:The Insecurity of OpenBSD (1)

Torino (1813872) | more than 4 years ago | (#32270908)

What in the article isn't true?

Re:The Insecurity of OpenBSD (1)

magellanic (689252) | more than 4 years ago | (#32271022)

That MAC is anything but bloated a waste of time.

The notion that adding security as an afterthought is a good idea.

Re:The Insecurity of OpenBSD (0)

Torino (1813872) | more than 4 years ago | (#32271134)

Ahh, so nothing is incorrect, you just don't understand MAC

The archaic UNIX security model is exactly that, archaic. There are needs it cannot meet, and something like MAC is needed.

It does provide increased security by enforcing proper separation of duty and privilege correctly, not adding it in later as OpenBSD has done.

I love OpenBSD, but to dismiss MAC as a waste of time just serves to discredit yourself.

Re:The Insecurity of OpenBSD (0)

Anonymous Coward | more than 4 years ago | (#32271338)

Says the guy who sucks more nigger dicks than a hooker in Harlem.

Re:The Insecurity of OpenBSD (1)

magellanic (689252) | more than 4 years ago | (#32271494)

The archaic UNIX security model is exactly that, archaic. There are needs it cannot meet, and something like MAC is needed.

When operating system code is security audited, what needs can the *NIX security model not meet?

Re:The Insecurity of OpenBSD (1)

Torino (1813872) | more than 4 years ago | (#32272124)

1. The fact that the OS code is audited is nice, but can't protect against other insecure software. If you run postfix which isn't audited, and it has a hole and the attacker gets root, then there is nothing to stop them.

2. An example from a commenter on the blog is that he needed to prevent root from reading users files. OpenBSD is almost the only OS left that can't meet this requirement.

3. Auditing, along the lines of what OpenBSM provides. This isn't related to MAC, yet the team still doesn't implement it...

Re:The Insecurity of OpenBSD (0)

Anonymous Coward | more than 4 years ago | (#32272208)

Don't run insecure software then, shitfuck.

Re:The Insecurity of OpenBSD (2, Insightful)

magellanic (689252) | more than 4 years ago | (#32272456)

The fact that the OS code is audited is nice, but can't protect against other insecure software. If you run postfix which isn't audited, and it has a hole and the attacker gets root, then there is nothing to stop them.

Maybe I'm wrong, but if the mail server isn't crap it should give up root privileges as soon as possible. So, to get root you need to do two things.

1) Exploit a bug in the mail server
2) Exploit a bug in the operating system to gain root privileges

If MAC is part of the operating system, and can therefore contain operating system bugs, how does it mitigate step 2? How does it mitigate it any more than an operating system without MAC?

An example from a commenter on the blog is that he needed to prevent root from reading users files. OpenBSD is almost the only OS left that can't meet this requirement.

Are you serious? The root user has ultimate power by definition. That's been the case with *NIX for decades.

Re:The Insecurity of OpenBSD (3, Funny)

RockoTDF (1042780) | more than 4 years ago | (#32273380)

It is Mac, not MAC. And while we are at it, it is pronounced OS ten, not OS ex. I find the two mistakes are highly correlated.

Re:The Insecurity of OpenBSD (0)

Anonymous Coward | more than 4 years ago | (#32273498)

They're talking about Mandatory Access Control, not Macintosh, you retard.

Re:The Insecurity of OpenBSD (0)

Anonymous Coward | more than 4 years ago | (#32271784)

Since when do you have to have SELinux-style security controls to be considered "secure" or not? I would imagine that having a kernel that is written robustly and prevents exploits from happening in the first place be the focus of security concerns.

The whole point of OpenBSD is to have a secure Unix-style operating system, with the emphasis on Unix. SELinux-style security is very un-Unix. The OpenBSD people are making a design choice here, and I don't think it's necessarily an illegitimate one, nor one that necessarily expands the attack surface of the operating system.

Re:The Insecurity of OpenBSD (0)

Anonymous Coward | more than 4 years ago | (#32270440)

The interesting thing about this article is that it calls out many of the OpenBSD developers in the comments. After pointing out the holes in the anonymous author's article, they point out the features that make OBSD more secure. You could condense the article into "I want you to include what I want" and the replies into "show us some code, we have thought a lot of this through, and it make sense, choose it if you like". Me, I run a busy name server for a university on OpenBSD, and have for 10 years. Some times it stayed up for 900 days, meaning I didn't continually update the o/s, because it ran rock solid. Now, I update more often, but I don't worry about the security of the system. It Rocks!

Re:The Insecurity of OpenBSD (1)

MichaelSmith (789609) | more than 4 years ago | (#32270920)

With respect, a name server is about the easiest thing to secure. It runs one application plus (maybe) ssh. The only vulnerabilities will be in BIND and they are not considered OS issues by OpenBSD anyway. Try securing a system with 100 untrusted interactive users. Or running a dodgy webhosting control panel, then see how you go.

Re:The Insecurity of OpenBSD (0)

Anonymous Coward | more than 4 years ago | (#32272040)

BIND is part of the OpenBSD base system so flaws in it will be taken very seriously.

Re:The Insecurity of OpenBSD (4, Insightful)

rivaldufus (634820) | more than 4 years ago | (#32270804)

Perhaps every Ubuntu release story should have a link to a site titled "The Unusability of Ubuntu." Seems fair, doesn't it? The article would necessarily have to be negative... title non-withstanding. Slashdot has turned seriously hostile to non-Linux open source operating systems. I'm not sure why. I've even heard people here use the classic, "nobody uses it, so it must be bad" argument - the same one Windows users make about Linux.

Re:The Insecurity of OpenBSD (1)

Torino (1813872) | more than 4 years ago | (#32270936)

Ubuntu is not unusable regardless of what features they decide to leave out, while the argument is made that OpenBSD is insecure because of features they do leave out. So, the analogy doesn't quite work.

Re:The Insecurity of OpenBSD (1)

magellanic (689252) | more than 4 years ago | (#32271294)

No, Ubuntu isn't unusable because of omitting features. It's unusable because what they start with is unusable, and they have nowhere to go from there.

Much like security. You can't bolt on features after the fact and suddenly have a secure product.

Re:The Insecurity of OpenBSD (1)

Torino (1813872) | more than 4 years ago | (#32272074)

It isn't unusable to start with, your just attacking it because you personally don't like it. Additionally, an argument for MAC is not bolting features on after the fact. If it is properly implemented, it is in the kernel to start with. Unlike, say, rewriting Apache over 10 years to have privilege separation, which is adding it on after the fact.

Re:The Insecurity of OpenBSD (0)

Anonymous Coward | more than 4 years ago | (#32271608)

I think it's funny that many of the items mentioned are not just hogwash, but irrelevant. The parts that make the most sense and can bring the most security (implementing MAC) is treated as though it is the be all end all of modern application security...

That's like saying DAP is what makes windows secure...

You can't say that about any OS, the configuration, application set and network design all contribute to this security. If MAC is implemented at some level but you put your files in an FTP accessible folder you've just used MAC effectively, but it didn't do you any damn good. This goes for most SELinux installations I've born witness to. They are configured to deliberately ignore bad behavior (either set permissive or with a plethora of exceptions) because the packaged and supported SELinux impedes many packaged deployments from functioning. Get the SELinux exception updating etc built into the packages and then we can talk about ease of use. (For instance, install VSFTPD on a CentOS machine set SELinux to enforce and get home directories with Kerb auth configured and try and login. ) That's an EXTREMELY common configuration and yet it fails out of the box and requires additional troubleshooting.

Convenience vs Security even at that level. You can guess how many systems make it all the way through to production with SELinux in enforce mode...

Re:The Insecurity of OpenBSD (2, Insightful)

udippel (562132) | more than 4 years ago | (#32273370)

While I consider your comment as 'Interesting', if not 'Insightful', I still can't approve of your

This is the story Slashdot should have included to run.

The story is about the release of the most recent OpenBSD, 4.7; its availability, funding, etc. The discussion about its 'lack of security' is surely of a very different nature.

Having read the article mentioned by you (I saw 43 comments,?), I can only agree - and I knew that for long - that OpenBSD has no access control systems on top of the Unix-permissions. If they should be there, and how their lack renders OpenBSD less secure than Linux, is quite another topic. Actually, I was kind of disappointed when reading the article, because it focuses solely on access control to crack OpenBSD. So even the title was badly chosen: the article talks about a perceived 'lack of a security feature' or something to that behalf; not about an 'insecure' OS. And yes, there is a difference, and the article is clear about it: If, and only if, the system is broken into (already), can additional access controls eventually contain damage.

Does anyone know if ldpd is available in Linux? (1)

migglelon (1692138) | more than 4 years ago | (#32269124)

Does anyone know if ldpd is available in Linux also? Do you need OpenBSD to support VRF's?

Re:Does anyone know if ldpd is available in Linux? (1, Informative)

Anonymous Coward | more than 4 years ago | (#32269234)

No, not without removing a lot of OpenBSD'isms from it.

Re:Does anyone know if ldpd is available in Linux? (1)

rivaldufus (634820) | more than 4 years ago | (#32270822)

no harder than trying to port something heavily linux centric to a *BSD, I would imagine.

Good (1)

Jorl17 (1716772) | more than 4 years ago | (#32269132)

Now go RTFA before you post.

Darn, FAILED.

Bad timing... (1)

B5_geek (638928) | more than 4 years ago | (#32269198)

I just downloaded the old version 2 days ago!

On a serious note; Can a BSD client read/write/use a Debian NFS share?

Re:Bad timing... (1)

ciscon (107483) | more than 4 years ago | (#32269242)

as did i (sparcstation 5)... :-( good thing upgrading is easy.
and yes, you shouldn't have any difficulties.

Re:Bad timing... (3, Informative)

armanox (826486) | more than 4 years ago | (#32269252)

I don't know why it shouldn't be able to. Make sure the NFS versions match (NFS3, NFS4)

Re:Bad timing... (4, Informative)

baldusi (139651) | more than 4 years ago | (#32269450)

Be careful with the settings of the no-df bit in TCP fragments, which Linux NFS generates and expects, while PF rightly blocks when scrubbing. The PF FAQ is your friend there.

Where are the screenshots? (4, Funny)

Dystopian Rebel (714995) | more than 4 years ago | (#32269356)

If I can't see examples of OpenBSD running Gnome with transparent Conky over a red Lamborghini Murcielago wallpaper and maybe some cascading green character columns like the Matrix, I'm going back to Ubuntu.

Re:Where are the screenshots? (4, Funny)

rubycodez (864176) | more than 4 years ago | (#32272554)

yes, have some.

            http://tinypic.com/r/2yoo29t/6 [tinypic.com]

on a Toshiba laptop too (all devices work)

/checks pic (-1)

Anonymous Coward | more than 4 years ago | (#32269422)

Loongson comes with a bottle of Duvel?! I'll order 20 today!

Got my CD in the mail a few days ago (4, Interesting)

eudaemon (320983) | more than 4 years ago | (#32269444)

Yeah, I use OpenBSD. My firewall's named linksys and the SSID is default, both for sheer entertainment value. OpenBSD like anything else has its flaws: namely a insular and hostile user community and theocratic leader with a vision. On the other hand it's people like that who get things done.

It would be nice to do more with OpenBSD than I can now, but last I checked ports didn't have the latest asterisk, getting the latest Java running is a pita, the latest Apache has an incompatible license or something, ZFS will never be supported, etc, etc, etc. But staying up with the latest software isn't really a design goal for Theo & crew. It's sort of the PVP UNIX - no care bears welcome. Their targeted approach to security over features makes it the best OS out there for targeted uses, but who knows if they'll make it to 5.7 - decreasing relevance and due to narrowing mainstream software support definitely also narrows interest.

Regardless, congrats on another great release.

Re:Got my CD in the mail a few days ago (2, Interesting)

value_added (719364) | more than 4 years ago | (#32269578)

Yeah, I use OpenBSD. My firewall's named linksys and the SSID is default, both for sheer entertainment value.

I guess you could describe that as "What's the sound of one-hand clapping?" or "An inside joke of the nth degree". ;-) Entertainment aside, pf users and fans should note the pf syntax changes [marc.info] .

Re:Got my CD in the mail a few days ago (1)

eudaemon (320983) | more than 4 years ago | (#32271166)

Rule #0x0a: Nothing on Slashdot is obscure.

Re:Got my CD in the mail a few days ago (1)

PopeRatzo (965947) | more than 4 years ago | (#32269684)

My firewall's named linksys and the SSID is default, both for sheer entertainment value.

"Entertainment value"?

I've got to party with you, sometime.

Re:Got my CD in the mail a few days ago (1)

mirix (1649853) | more than 4 years ago | (#32269874)

I'll bring the sparkling apple beverage.

I've got a couple openBSD boxes myself. One is on httpd duty, the other doesn't do much, just sort of general purpose - I'm planning on making this one into some sort of automatics control for the house (turn the lights on, report temperature, I don't know, a bunch of lame stuff like this).

Re:Got my CD in the mail a few days ago (2, Interesting)

yo_tuco (795102) | more than 4 years ago | (#32270436)

"I'm planning on making this one into some sort of automatics control for the house (turn the lights on, report temperature, I don't know, a bunch of lame stuff like this)."

OBSD has support for the 20 pin gpio header on a Soekris net4801 board out-of-the-box. With that you can easily make either digital or transistor switches to control things. The shell command is gpioctl which you may want to grab the source and mod it so its not reading command line arguments and can be put in your code without an os system call depending how frequently you are reading/writing the pin states.

Re:Got my CD in the mail a few days ago (1)

mirix (1649853) | more than 4 years ago | (#32271524)

Cool. I've got an AVR32 [atmel.com] (not ARM or MIPS, something completely different) powered board that I've played with a bit, similar idea I suppose. Although I don't believe there is an openbsd port for it... I should pick up something ARM sometime, here..

I've got a sort of hate for the gpio subsystem in linux, and I've never played with the one in openBSD - I'll have to look into that.

Luckily the board I have in mind has a full PC/104 bus (essentially ISA, with a different connector), so I can inb/outb to my heart's content. It's a via C3 thing, roughly the size of a 3.5" hdd.

Re:Got my CD in the mail a few days ago (1)

MichaelSmith (789609) | more than 4 years ago | (#32271162)

I'll bring the sparkling apple beverage.

I've got a couple openBSD boxes myself. One is on httpd duty, the other doesn't do much, just sort of general purpose - I'm planning on making this one into some sort of automatics control for the house (turn the lights on, report temperature, I don't know, a bunch of lame stuff like this).

For that I would use a microcontroller. An atmel atmage8 draws 5mA running at 20MHz. It has better low level IO capabilities than a PC and it can talk to a PC through a serial port. The idea would be to use the microcontroller for day to day control and start the expensive (in power) PC when you have new instructions for it.

Re:Got my CD in the mail a few days ago (1)

mirix (1649853) | more than 4 years ago | (#32271320)

I've done some work with AVR's, and they're great. But I want to be able to SSH into this thing and see what's going on from work :)

(this is a low power centaur board anyways, I think it uses 15w full tilt..)

Re:Got my CD in the mail a few days ago (2, Funny)

eudaemon (320983) | more than 4 years ago | (#32271214)

Heh, glad I made you laugh. Why are there no slashdot meetups? Oh yeah, because that would require getting dressed and leaving the house.

Re:Got my CD in the mail a few days ago (1, Funny)

Anonymous Coward | more than 4 years ago | (#32272304)

Why are there no slashdot meetups?

What's that? I think it's the sound of thousands upon thousands of buffet restaurants slamming and locking their doors at the thought.

Re:Got my CD in the mail a few days ago (2, Funny)

butalearner (1235200) | more than 4 years ago | (#32269948)

theocratic leader

Yeah, he can really de ratchet up the abrasiveness when he wants to.

Re:Got my CD in the mail a few days ago (1)

eudaemon (320983) | more than 4 years ago | (#32271250)

/rimshot

Re:Got my CD in the mail a few days ago (1)

nurb432 (527695) | more than 4 years ago | (#32270130)

Targeting a small specialized market is never good for your longevity, regardless how good you do it.

Re:Got my CD in the mail a few days ago (1)

rubycodez (864176) | more than 4 years ago | (#32271658)

now that's funny, considering openbsd has been around since 1995, three years after the first real linux distro.

Re:Got my CD in the mail a few days ago (1)

nurb432 (527695) | more than 4 years ago | (#32272482)

15 years is a blip. When it hits 30 we can talk.

Re:Got my CD in the mail a few days ago (1)

rubycodez (864176) | more than 4 years ago | (#32272702)

bullshit, for software project 15 years with tens of thousands of users worldwide is smashing success and proven endurance. There are multi-million dollar commercial software success stories that have risen and fallen in a shorter time and are no longer used.

Re:Got my CD in the mail a few days ago (2, Insightful)

magellanic (689252) | more than 4 years ago | (#32272820)

OpenBSD doesn't want to take over the world, see the project goals [openbsd.org] . This doesn't stop their work becoming used on a large scale, but this happens because of the software's features and technical superiority.

On the other hand, many Linux advocates seem to be obsessed with the idea of world domination. I've seen these people choose Ubuntu for reinstall/upgrade jobs when their friends and family would genuinely be more comfortable, and better off, with Windows or OS X.

Decide for yourself which is the more noble goal.

Re:Got my CD in the mail a few days ago (2, Interesting)

jd (1658) | more than 4 years ago | (#32270288)

I'm not sure that it has decreasing relevance. For something like a firewall or other networked appliance (where you don't actually have users logging on and interactively using it), OpenBSD is way ahead of the game. Auditing the kernel and securing that is actually a good strategy for such devices, whereas mandatory access controls would be more of a cycle-hog. For reasons I don't entirely understand - or agree with - the world is slowly moving away from desktops and towards appliance-based computing. Look at the rate Droid is accumulating apps, compared to the rate new stuff is being written for Linux.

I do not know what the ideal security strategy is - I feel that it must involve components that are transparent to any part of the kernel the user or superuser can substantially interact with, because although you can prove a Security Kernel correct mathematically (it is one of the few OS components simple enough), this is useless if there is any means of either accessing the functions protected or re-implementing them, yet nobody likes re-designing implementations and call points are bound to be missed if code changes are required. This means that the security kernel has to act in a manner akin to dynamic probes and inject itself into modules without needing static insertion points. Security then just becomes a form of debug in step mode (continue until next probe, then pause the kernel thread) in which the debug data is analyzed automatically rather than by an engineer.

Re:Got my CD in the mail a few days ago (1)

onefriedrice (1171917) | more than 4 years ago | (#32270504)

OpenBSD like anything else has its flaws: namely a insular and hostile user community and theocratic leader with a vision.

I see what you did there.

Re:Got my CD in the mail a few days ago (1)

rsax (603351) | more than 4 years ago | (#32270606)

and theocratic leader

Nicely done.

Re:Got my CD in the mail a few days ago (1)

magellanic (689252) | more than 4 years ago | (#32270730)

...hostile user community and theocratic leader...

I've observed the OpenBSD attitude as being anything but religious in most cases, at least compared to FSF/GNU folk, and far closer to the laudable `shut up and hack'. The community may appear hostile, but successful users need to have initiative rather than being spoon fed. `RTFM', or a milder equivalent, is often the best way to encourage that.

Re:Got my CD in the mail a few days ago (1)

eudaemon (320983) | more than 4 years ago | (#32271126)

As others have noted, this was a double entendre if not downright pun. OpenBSD users are not by and large welcoming if someone trips across the wrong e-mail list. As I stated - it's the PVP OS: come prepared to defend yourself. In the case of OpenBSD that means reading the FAQs, trolling the list history and submitting a dmesg when you do ask a question. Failing to do that is the EVE Online equivalent of flying your pod through 0.0 space.

Re:Got my CD in the mail a few days ago (1)

magellanic (689252) | more than 4 years ago | (#32271878)

I'm surprised you have time to investigate other operating systems if you're thinking in MMORPG analogies. :)

Nothing can beat Apple (2, Insightful)

Ilgaz (86384) | more than 4 years ago | (#32273430)

IMHO if someone has problem with OpenBSD community/leader, he should hang at Mac community/websites/mags and especially IRC channels for a while.

I also think OpenBSD theocratic leader and hostile community could be the reason why OpenBSD has its unique and prestigious position today... We all heard how many users got banned for questioning inclusion of Mono to a "user friendly" Linux OS distro which has democratic leadership right?

Re:Got my CD in the mail a few days ago (2)

Torino (1813872) | more than 4 years ago | (#32270878)

It would just be nice if they extended their definition of security to be more than preemptive bug fixing.
The article I linked to above is a good discussion of this. Given how they flat out reject MAC, and the reasons they give for doing so, it seems they know very little about actual security.

Re:Got my CD in the mail a few days ago (1)

rubycodez (864176) | more than 4 years ago | (#32271760)

Their definition of security goes far beyond pre-emptive bug fixing, but the author of that article is ignorant of OpenBSD security, and Unix security in general, and moreover thinks MAC will save him from the common exploits that bring down real machines (which any experienced Unix admin knows is total B.S.)

Re:Got my CD in the mail a few days ago (1)

rubycodez (864176) | more than 4 years ago | (#32271862)

Your beef about asterisk might be a bad assumption. I build asterisk systems as part of my job. The 1.6 series asterisk has all manner of issues, you'll be wanting to use 1.4.x (1.4.25 or above) if you intend to do production stable system. As it happens, OpenBSD even has binary 1.4.25 package ready to install at a single command.....

And, in the ports (scripting-based system), you have 1.6.0.25. which is considered a more stable of the 1.6.x series, such as it is.

Loongson Support (1)

Anonymous Coward | more than 4 years ago | (#32269534)

Good for OpenBSD for supporting a computer architecture that is fully open and documented. Oh, the irony that it hails from communist China! And, eee-gads! It looks like Theo and Richard both like it! http://www.osnews.com/story/22674/China_s_Loongson_Processor_Effort [osnews.com]

Re:Loongson Support (0)

Anonymous Coward | more than 4 years ago | (#32269670)

And yet it still sucks dick even in comparison to a 6 year old Intel or AMD chip.

Re:Loongson Support (0)

Anonymous Coward | more than 4 years ago | (#32270434)

I expect that many people would gladly pay for a dick sucking CPU, as long as it does it well.

Is GNU/Linux networking as poor as it was before? (2, Informative)

lanner (107308) | more than 4 years ago | (#32269536)

When it came to things like OSPF, BGP, routing, filtering (pf failover) and that sort of networking things, Linux hasn't been the best (though queuing and protocols have had some innovations and dev work).

Anyone have an opinion on this?

For example, Zebra was basically abandoned (it sucked anyway), which now became quagga -- if I wanted a Cisco, I'd get a Cisco. Stop trying to make it a damn emulator.

BGP? I don't even know if there is anything.

iptables is cool, but it just doesn't have failover like pf has (I want people with real-word experience, don't tell me "it's supported" when it's crap.)

Re:Is GNU/Linux networking as poor as it was befor (1)

soppsa (1797376) | more than 4 years ago | (#32269722)

Frankly zebra, openbgpd and this mpls daemon are pretty silly. Designed for academia I guess, nobody serious uses these after their track record of instability.

Re:Is GNU/Linux networking as poor as it was befor (0)

Anonymous Coward | more than 4 years ago | (#32269758)

This is clearly the unbiased opinion (*chortle*) of Ballmer's favorite cock jockey. Nothing to see here fucks but the usual sopssa FUD.

YHBT (1)

mister_playboy (1474163) | more than 4 years ago | (#32270516)

Check that user's name a bit more carefully. :)

Re:Is GNU/Linux networking as poor as it was befor (0)

Anonymous Coward | more than 4 years ago | (#32271030)

Quagga has made amazing strides. We've been using it where I work (small local ISP) for several years. We got rid of our main router about 2 years ago (Cisco 7600) and went with it due to a number of factors. I administrate a /20 over it with ~40 remote locations, ~200 servers, PtP VPN tunnels, and around ~100 road warrior VPN tunnels and it hasn't crashed on me yet. The servers uptime is 547 days right now (updates if I recall). We only have 4 peering lines, but unless our providers have had issues we haven't had any.

Oh and it's actually running virtualized in an HA cluster of Xenservers, if it dies, at the most there's ~5-10ms of downtime. Load average on the machine is 0.00,0.00,0.00. Is it ready for production? I can't say for all shops, but for our modest outfit it does amazing well.

But yea, Zebra did suck. And no iptables doesn't do complete failover. Though it would be super nice, it's a feature that I could live without. My clients can generally live with a dropped connection every year or two, though I'm well aware some shops cannot.

Re:Is GNU/Linux networking as poor as it was befor (0)

Anonymous Coward | more than 4 years ago | (#32271144)

Who cares, you should be using a Cisco router.

Offtopic much? (0)

Anonymous Coward | more than 4 years ago | (#32272514)

What exactly does linux networking have to do with openbsd? Are we new to this system administration stuff?

Up2Date Mirror List (1)

AFresh1 (1585149) | more than 4 years ago | (#32269620)

Please be sure to use a mirror [spacehopper.org] (or torrent [somedomain.net] ) rather than overloading the main site.

I love OpenBSD (4, Informative)

lemur3 (997863) | more than 4 years ago | (#32269656)

I started using OpenBSD at version 2.7 after a few years using various versions of Redhat linux and Mandrake.

I was hooked right away.. It was a lot of things. Maybe the first was the really easy installation process... In my opinion it still might be the simplest out there. There is the well written man pages.. And the simple 'full' installation. It was easy to understand where everything was and it mostly stayed that way from release to release. The config files seemed easy to read and the firewall was really snazzy!

They do some good work! I enjoy using it, even if all I am really doing is small scale hobby work.
 

I thought you said FreeBSD 4.7! (-1)

Anonymous Coward | more than 4 years ago | (#32269940)

I was like what day is it april 1st? no
Sysad prank day? no
Man I thought I was in a timewarp!
I check the date on the post? nope
Was slashdot exploited?

Then I look closer OpenBSD. ahh

Tagged "beastie" (1)

kimvette (919543) | more than 4 years ago | (#32270616)

why has no one tagged the article "Beastie?"

Re:Tagged "beastie" (1)

hhw (683423) | more than 4 years ago | (#32270824)

Because OpenBSD is represented by a blowfish? It's FreeBSD that has Beastie as its mascot.

Re:Tagged "beastie" (1)

mirix (1649853) | more than 4 years ago | (#32274236)

openBSD used to have the beastie until 2.x, I think.

I've got a shirt with him and "openBSD" on it :-)

I still think the "greasy cop" mascot from 2.5 was the best though. picture [openbsd.org]

What happened to the music? (2, Interesting)

Improv (2467) | more than 4 years ago | (#32270624)

Used to be that the Plaid Tongued Devils provided a new song for every release - this is the first song I've seen by someone else.

I can't actually get anything done on OpenBSD. (-1)

Anonymous Coward | more than 4 years ago | (#32271382)

The major problem I have with OpenBSD is that I can't actually do anything with it.

For my organization, if I need a locked down desktop, I'll take the time to properly set up a linux box using something like SELinux. That way, I can use up-to-date applications that OpenBSD doesn't support.

If I need hardware to secure my network, then I'll buy hardware that fills a specific function. If I need a firewall, I buy a firewall. If I need a filtering router, I'll buy a router that can do filtering. If I a need a secured server, I'll buy a server and then lock it down.

Re:I can't actually get anything done on OpenBSD. (1)

magellanic (689252) | more than 4 years ago | (#32272046)

It's entirely possible that a piece of hardware you buy contains portions of *BSD code.

So maybe at some point you will use it, if you don't already, just not how you'd expect.

Best way to get my feet wet? (1)

Phoenixhunter (588958) | more than 4 years ago | (#32272026)

What's a functional network appliance type device that supports OpenBSD through and through to load up OpenBSD 4.7 on?

UTF-8 in console/ssh (1)

Pinchiukas (828697) | more than 4 years ago | (#32272148)

Does it support UTF-8 out-of-the-box yet?

The problem with OpenBSD (0)

terryfunk (60752) | more than 4 years ago | (#32273482)

is the founder himself, Theo the Raat

At long last. (0)

Noland150 (847733) | more than 4 years ago | (#32273962)

This will be the year of OpenBSD on the desktop.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>