×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

OpenBSD 3.2 Available

michael posted more than 11 years ago | from the daemon-goodness dept.

BSD 331

fredrikv writes "Right on time, the files defining OpenBSD 3.2 have moved away from "snapshots" to the 3.2 directory of the OpenBSD mirrors. It is well known as the world's most secure operating system and now sports chroot'd Apache, fewer suid binaries, cool pictures for xdm-logins, a brilliant "antispoof" packet filtering rule and as usual includes lots of small updates and fixes. The files are there. What are you waiting for?"

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

331 comments

slashdot down (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#4578673)

why els fp?

Re:slashdot down (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#4578703)

Slashdot is now showing ads from doubleclick...

how long have they been doing that?

Re:slashdot down (0)

Anonymous Coward | more than 11 years ago | (#4578754)

They have been doing that a long time, maybe a year or so.

Block any doubleclick location you encounter, and block "images.slashdot.org" and "images2.slashdot.org".

That should enhance your slashdot browsing experience.

ATTN Michael Sims (-1, Flamebait)

Anonymous Coward | more than 11 years ago | (#4578876)

You're still an assclown.

Ever consider taking a shit and posting the results on censorware.org?

Waiting for.. (1)

Karamchand (607798) | more than 11 years ago | (#4578675)

..legal official ISO images ;-)

Naah, just kidding. Everyone ought to order & buy her/his official OpenBSD CDs to support our favourite OS!

Re:Waiting for.. (-1, Troll)

Anonymous Coward | more than 11 years ago | (#4578812)

How does buying OpenBSD support Windows 2000?

Re:Waiting for.. (0)

Anonymous Coward | more than 11 years ago | (#4578826)

"Naah, just kidding. Everyone ought to order & buy her/his official OpenBSD CDs to support our favourite OS!"

...unless that OS happens to be Windows.

Re:Waiting for.. (1)

penguin_punk (66721) | more than 11 years ago | (#4578944)

"Naah, just kidding. Everyone ought to order & buy her/his official OpenBSD CDs to support our favourite OS!"

Yup. I've never used OpenBSD before, but I pre-ordered my cd when ./ last posted that this release was coming out of beta.

If all else fails, I'l lgo back to Win2K Advanced Server and I'll have some fancy blowfish stickers.

Wish me luck.

FP (-1, Troll)

Anonymous Coward | more than 11 years ago | (#4578676)

of Deeeezzzzz Nutz

Nth post? (-1, Flamebait)

Anonymous Coward | more than 11 years ago | (#4578677)

BSD == Dead ??

Netcraft confirms *king found dead (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#4578764)

I just read the sad news on the netcraft website, reviled adulterer and gansta rapper Stephan "M.C." Hawking was found dead in the arms of Stephen King at King's Maine estate early this morning. You may not have gotten "A Brief History of Rhyme" or "The Stand", but no one can deny their impact on modern Western culture. Truly white male establishment icons, they will be missed.

FreeBSD (2, Interesting)

drxenos (573895) | more than 11 years ago | (#4578678)

I've always been a fan of FreeBSD. How does OpenBSD compare?

Re:FreeBSD (0, Insightful)

Anonymous Coward | more than 11 years ago | (#4578737)

The only real advantage that OpenBSD has is hardware crypto accelerators support, but even that is being ported to FreeBSD now. OTOH, OpenBSD isn't even using ELF yet, has no SMP support, less than 1000 packages and most of its developers are total PITA to deal with. It runs on more platforms. I'd say OpenBSD looks like a cheap NetBSD rip-off.

Unfortunately, FreeBSD seems to be plagued by trolls lately [freebsd.org]

Re:FreeBSD (1)

Karamchand (607798) | more than 11 years ago | (#4578760)

According to the release notes [openbsd.org] there are "Over 1800 pre-built and tested packages".
Just FYI :-)

Re:FreeBSD (0)

Anonymous Coward | more than 11 years ago | (#4578811)

I stand corrected. But good luck if you ever send a bug report. I'm not sure what's worse, those OpenBSD assholes or the "FUCK FUMEROLA" troll that floods the FreeBSD ports list. They even closed the send-pr [freebsd.org] system!

Re:FreeBSD (5, Informative)

c13v3rm0nk3y (189767) | more than 11 years ago | (#4578747)

I've always been a fan of FreeBSD. How does OpenBSD compare?
Try this link [bsdtoday.com] . There are a bunch of FAQs, some of them directly compare *BSD, Linux &etc.

Re:FreeBSD (4, Informative)

CoolVibe (11466) | more than 11 years ago | (#4578763)

Depends on what you want to do. FreeBSD is better suited as a workstation or a high-performance server. OpenBSD does great for bastion-hosts and firewalls.

Re:FreeBSD (5, Informative)

Ryvar (122400) | more than 11 years ago | (#4578806)

Short Answer:
OpenBSD has less 'nice' functionality, slightly less performance tuning, and no SMP support.

On the other hand it has an extremely well-audited source tree (by largely the same developers as OpenSSH), SoftUpdates, the new systrace work, an excellent brand new packetfilter that has yet to fail to impress from either a security or speed standpoint . . .

OpenBSD isn't really so much the most secure OS in the world as it is in many situations the most secure OS on the x86. For most of us around here, that's probably close enough as makes no odds.

The last release (in a bug that affected the prior release as well) had an OpenSSH issue in the default installation that became the first remote compromise for the default installation in nearly 5 years of the operating system. Admittedly, most things are turned off by default (although I wish a few more - portmap, inetd). Because of this and a few other errata, 3.2 has been looked forward to for a long time.

To sum, you have a stripped-down no-nonsense OS with all of the unnecessary crap tossed out of the default installation and available as ports and packages to those that want it. The perfect OS for those who want a secure router, and/or single/few-function server. This isn't an appropriate choice if you need more than a commandline, really, and there's a fair amount of pride amongst the user community over that.

Re:FreeBSD (-1, Troll)

Anonymous Coward | more than 11 years ago | (#4578846)

It's not easy to compare these two, so I've come up with a useful analogy. FreeBSD would be 'dead', and OpenBSD 'fossilised'.

CLINTON - HAITI (-1, Troll)

Anonymous Coward | more than 11 years ago | (#4578679)

(written by Lee Barnett and Kim Morrissey)

1. GRAMS "HAIL TO THE CHIEF"

2. CLINTON : Well, boys, what's the situation with Hi-ate-ee?

3. ADVISOR 1 (WOMAN): Excuse me, Mr. President. I think that's pronounced "High-ti ... as in "High"

4. ADVISOR 2 (WOMAN): Actually, Mr. President, I think you'll find it's pronounced "Hate-ti" as in "hate"

5. CLINTON: Gosh darn, I don't give a damn how you pronounce it, what's happening to our men?

6. ADVISOR 1: Well, it's not looking good. Two hundred of our men are being held off by sixteen hundred armed troops.

7. CLINTON: So, you think we should use nucular weapons?

8. ADVISOR 1: Excuse me, Mr. President. I think you mean "nuclear"

9. CLINTON Do I?

(Page 2)

1. ADVISOR 2: No, no, of course not.

2. ADVISOR 1: Certainly not.

3. ADVISOR 2: After all, after Somalia, Nicaragua and the Gulf, the last thing we need is to spoil our image as the world's peacemaker.

4. GRAMS "HAIL TO THE CHIEF"

ENDS

Well, that was STUPID... (-1, Troll)

Anonymous Coward | more than 11 years ago | (#4578705)

I HATE-ti you.

What Am I Waiting For? (5, Funny)

Zech Harvey (604609) | more than 11 years ago | (#4578681)

Common Criteria certification so it can be just as secure as my Windows 2000 boxen!

Re: What Am I Waiting For? (1)

dex22 (239643) | more than 11 years ago | (#4578702)

I was sure he was joking, until I got to "Zech Harvey, MCSE", and now I'm filled with a dreadful uncertainty!

Re: What Am I Waiting For? (1)

Zech Harvey (604609) | more than 11 years ago | (#4578745)

I had added a </facetious> to the end of the post, but forgot to set the message type to "Extrans." D'oh!

Re:What Am I Waiting For? (-1)

Anonymous Coward | more than 11 years ago | (#4578711)

Keep your Win2000 turned off.
Keep it secure.

Re:What Am I Waiting For? (-1, Flamebait)

Anonymous Coward | more than 11 years ago | (#4578738)

You're not funny. Shut the fuck up.

Re:What Am I Waiting For? (1)

Zech Harvey (604609) | more than 11 years ago | (#4578789)


Master Gates, Don't hate me! I really like Windows! I do! I really believe in the power of the MCSE! I didn't just shell out a bunch of money for them to get my foot in the door to the businesses in my area! I promise I'll be good! Honest! It's not true! I don't run Linux at home! Don't find my lack of humor disturbing!!! (Sorry, slow day at work, I'm getting slap-happy)

Re:What Am I Waiting For? (4, Funny)

liquidsin (398151) | more than 11 years ago | (#4578773)

Well, it's only at version 3.2. I'm guessing version 3.3 would be like the third service pack of version 3, and it seems you can't get certified until SP3. I'm sure they'll get there soon enough.

Foist poist (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#4578682)

Cause slashdot is slower than old people fscking.

Gnome? (0)

Anonymous Coward | more than 11 years ago | (#4578683)

I like the security and stuff, but can I get gnome(2) for it?

OpenBSD questions (1, Interesting)

Anonymous Coward | more than 11 years ago | (#4578684)

1. What advantage does pf have over netfilter? Any links to performance comparisons between the two?
2. Are the fsn.hu isos kosher?

The mirrors are busy, busy, busy! (-1, Offtopic)

doggo (34827) | more than 11 years ago | (#4578685)

Dagnabbit, I can't get an ftp install to complete, I keep getting kicked.

Oh and....frost pist!

Well .. (5, Funny)

Mr_Silver (213637) | more than 11 years ago | (#4578687)

The the files are there. What are you waiting for?

5:30pm, 8 pints of lager, one dodgy kebab and a chance to yet again make a piss poor attempt to chat the attractive barmaid up.

Well you did ask!

Re:Well .. (5, Funny)

SirSlud (67381) | more than 11 years ago | (#4578731)

> to yet again make a piss poor attempt to chat the attractive barmaid up

barmaids get slashdotted by drunk guys every night. i recommend you search your neighbourhood for a mirror so you can have all the bandwidth to yourself.

Re:Well .. (4, Funny)

$rtbl_this (584653) | more than 11 years ago | (#4578840)

...i recommend you search your neighbourhood for a mirror...

Surely this would only work if you were a hopeless narcissist.

Ewwwww... (0)

Anonymous Coward | more than 11 years ago | (#4578922)

I wouldn't want to be the one to have to clean that mirror...

Well, I'm waiting for a downloadable iso (1, Flamebait)

Hairy_Potter (219096) | more than 11 years ago | (#4578688)

and I think I'm going to be waiting a long time.

Re:Well, I'm waiting for a downloadable iso (5, Informative)

LordHunter317 (90225) | more than 11 years ago | (#4578713)

Download the sources. Burn on a CD. There you go.

IF oyu want it bootable, that's also fairly easy to pull off as well. Just have it boot to the floppy image.

Otherwise, buy a CD.. we need the money.

Re:Well, I'm waiting for a downloadable iso (0)

Anonymous Coward | more than 11 years ago | (#4578739)

I've seen unofficial ISO images at ftp://ftp.fsn.hu/pub/CDROM-Images/openbsd, but have never used them. I'd be interested in knowing the opinion of someone who has.

Re:Well, I'm waiting for a downloadable iso (0)

Anonymous Coward | more than 11 years ago | (#4578952)

You need the money, eh? Maybe if the shitty OS actually came with half of the features most modern OSes for the x86 platform had, I might consider it. As it stands I wouldn't even download that crap, let alone buy it. I doubt many other people would either.

Re:Well, I'm waiting for a downloadable iso (3, Insightful)

Anonymous Coward | more than 11 years ago | (#4578744)

you could probably find one that someone hand-rolled and put up for download, but you'd be a moron to trust it.

I'm waiting (2, Funny)

swillden (191260) | more than 11 years ago | (#4578689)

What are you waiting for?

Ummm... a Linux port?

Re:I'm waiting (4, Informative)

questionlp (58365) | more than 11 years ago | (#4578837)

Maybe not quite what you are looking for, but there is the infamous Linux Compatibility mode [openbsd.org] for OpenBSD (as well as FreeBSD and NetBSD) that will allow you to run many Linux applications. OpenBSD also supports the Ext2 file system (again, same with FreeBSD and most likely NetBSD).

Too bad (-1, Redundant)

Anonymous Coward | more than 11 years ago | (#4578690)

That BSD is dying.

Both of the guys using it are considering a switch to OS X

Re:Too bad (1)

DrQu+xum (218745) | more than 11 years ago | (#4578776)

Gee, too bad OS X doesn't run on my old Sparc Classic X.

And to answer the question "If you run a Sparc, why not NetBSD or Linux?":

1. I like the Ports Collection.
2. The last semi-up-to-date and half-decent Linux I've seen for Sparc32 was SuSE 7.3.

Re:Too bad (0)

Anonymous Coward | more than 11 years ago | (#4578852)

NetBSD has pkgsrc, the moral equiv.

Re:Too bad (1)

rmadmin (532701) | more than 11 years ago | (#4578863)

Good question. I'm finding it hard to decide on an OS for my old sparc32's. Solaris 2.6 seems to run fast, but I fear the security. I've ran Obsd 3.1 on it, and even with 320 meg of ram, its still quite slow. Redhat 6.2 is out of date. Debian I'm just not fond of (sorry, I'm a slack person). Slack quit devel, and someone picked it up with Splack, which is still beta, and well, has problems. SuSE? Never ran it, don't want to, MDK? See SuSE. I haven't tried NetBSD, maybe I'll give that a shot next. Anyone got any other suggestions? (And no, I'm not going to try to compile Gentoo on my poor ole sparc.)

What's a nice OS doing in a place like this? (0)

Anonymous Coward | more than 11 years ago | (#4578692)

Does anyone read squid [openbsd.org] ? And can OpenBSD really protect you if you engage in such unsafe behavior?

Say wha? (1, Funny)

PhysicsScholar (617526) | more than 11 years ago | (#4578706)

The the files are there.

I guess the Slashdot outage over the past 10 minutes or so was due to the installation of Apache mod_stutter.

mod_stutter (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#4578761)


Ch-ch-ch-changes!

OpenBSD is (-1, Troll)

I'm not a script (612110) | more than 11 years ago | (#4578712)

openbsd is superior
openbsd is being a pain in the
openbsd is installed
openbsd is superior by ben goren background
openbsd is freely available from our ftp sites
openbsd is all free
openbsd is also an extremely capable operating system
openbsd is not secure anymore
openbsd is for monkeys
openbsd is being a pain in the neck
openbsd is a serious project
openbsd is shipping does not support hdlc or isdnd
openbsd is indeed not "a server os" or "a hacker os"
openbsd is a really nice os
openbsd is audited for that most frequent of security problems
openbsd is the perfect tool in other situations
openbsd is even driving my hp laserjet 5l and deskjet 882c printers for my windows clients
openbsd is more secure than most versions of linux
openbsd is one os that's likely to be voted "most secure
openbsd is extremely robust and is capable of anything that commercial competitors such as checkpoint are
openbsd is now booting multiuser and generally useable on 64 bit sparc systems
openbsd is just awesome
openbsd is put together that the linux community needs to take note of
openbsd is often noted for its code auditing and integrated crypto
openbsd is for december
openbsd is stable and runs on several different types of computers
openbsd is security
openbsd is a fairly complete system of its own
openbsd is thought of by many security professionals to be the most secure unix
openbsd is the most secure server operating system now available
openbsd is preparing a libssl based on the patented rsaref code
openbsd is one
openbsd is complete packaging for the average joe shmoe user
openbsd is following netbsd's source tree > that it has all of the nbsd 1
openbsd is my operating system of choice
openbsd is pretty much straight forward
openbsd is also available separately
openbsd is used for dns
openbsd is one of the few systems that ships with perl preinstalled
openbsd is hailed by security buffs as uncrackable; it's been over three years
openbsd is the first unix
openbsd is free
openbsd is an open
openbsd is great
openbsd is the secure os specialist
openbsd is the closest thing to a set
openbsd is unsupported under virtual pc
openbsd is freely available from
openbsd is widely hailed as being the most secure os available
openbsd is a group that has done it right
openbsd is released on a sixth month development cycle
openbsd is still relatively new
openbsd is our favourite operating system
openbsd is a free
openbsd is used to provide various network services in the department of genome sciences
openbsd is much better then linux
openbsd is highly regarded as a great firewall
openbsd is one of the industry's most secure operating systems
openbsd is nothing for pure office work
openbsd is regarded as one of the most secure operating systems on the market today
openbsd is an open source multi
openbsd is developed and released from canada and due to canadian law it is legal to export crypto to the world
openbsd is only able to boot from hfs
openbsd is supposed to be indestructable
openbsd is to give the boot loader
openbsd is a free version of unix that runs on intel/cyrix/amd pentium
openbsd is unfriendly
openbsd is now available from openbsd
openbsd is a free unix
openbsd is very difficult
openbsd is the operating system for your site
openbsd is a robust and competent open source operating system project besides freebsd
openbsd is not covered by this faq
openbsd is my
openbsd is based on netbsd so it inherits most of it's advantages
openbsd is een open source operating system en gebaseerd op de bsd kernel
openbsd is comparatively minimalist
openbsd is indeed very minimalistic but it is a bit on the slow side for a couple reasons
openbsd is one choise but their linux version didn't work on my laptop
openbsd is a vulnerable operating system because it runs on a computer which can be physically accessed by an intruder

Um micheal. (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#4578714)

Its the 1st of november now, you can stop posting stories about dead operating systems and their ghosts! Wait until next year

Re:Um micheal. (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#4578904)

True.

And you can mob yer ass over to a dictionary and learn how to spell "Michael"....

*BSD (0, Troll)

moorg (537751) | more than 11 years ago | (#4578720)

I thought the most secure OS was Windows 95. With NIC support like that nobody should be able to connect to your computer. On a more serious note, is OpenBSD recommended as an internet server over all of the other distros?

Re:*BSD (1)

einer (459199) | more than 11 years ago | (#4578792)

In addition to this I was wondering if anyone knew how well the different J2EE containers ran under this BSD? Long ago (18 months, or a generation in IT time) I heard stories that java was not very well supported. Since my OS needs have evolved, I am now looking for a simple, secure and fairly modern operating system that isn't Linux (not that I have a problem with it, just broadening my horizons a bit).

Re:*BSD (4, Informative)

c13v3rm0nk3y (189767) | more than 11 years ago | (#4578858)

Java 1.3 is not "production" ready on any BSD, AFAIK. I've looked into this quite a bit, and even ported an app to FreeBSD.

They have recently been blessed by Sun to provide a native version of the JDK (the previous versions ran in linux_compat mode), but it is not considered production-ready by the developers.

Our customer threw caution to the wind, and has been running our app for a year or so now on FreeBSD. So far, so good. We _did_ QA it. Sheesh.

OpenBSD Java support is still (again, AFAIK)) a tweakers domain. If you need official J2EE, go with Linux (or one of those "others").

Re:*BSD (5, Informative)

c13v3rm0nk3y (189767) | more than 11 years ago | (#4578810)

...is OpenBSD recommended as an internet server over all of the other distros?

Depends who you talk to ;)

A good place to start is here [openbsd.org] , to find out what the intentions of the OBSD project are. Then check out the OpenBSD Journal [deadly.org] to see what people do with it.

My two cents: OBSD really shines as a secure inet server. Things like httpd, sshd, firewalling, bridging, routing. People do use it as a desktop, but IMHO it is not as desktop-friendly as FreeBSD. *shrug* I run it basically headless, as does everyone I know.

Then again, a cutting-edge desktop system is not a primary concern of the OBSD project.

What about hexadecimal? qjkx (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#4578723)

Is it infested with decimal?

OFFTOPIC (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#4578742)

Do anyone who will see this run a freenet node?
If so, please visit SSK@tyG6z6Evys7R9i1LKfA4IgppVx0PAgM/WTS/3//

I even have an feedback form there that you could use to let me know that it works.

thanks

Re:OFFTOPIC (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#4578923)

Hi, before I go there, I'm wondering, is it, a disgusting picture, or, something?

Re:OFFTOPIC (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#4578941)

No, it is mostly some funny anime music videos and other random stuff

Where are the background pictures? (2)

Otter (3800) | more than 11 years ago | (#4578750)

cool pictures for xdm-logins...What are you waiting for?

Someone to provide a direct link to the xdm backgrounds so I can use them on my Linux systems.

Actually, I didn't wait and started trawling through their FTP archive looking for them before deciding that was a) selfish and b) stupid. At least I had enough sense not to download XFree hoping they were in there and not in a separate artwork package...

Re:Where are the background pictures? (2)

Geekboy(Wizard) (87906) | more than 11 years ago | (#4578801)

Nope, they are embedded in the source for XF4. You have to run OpenBSD to see them. (Hint: they are #ifdef'ed)

Re:Where are the background pictures? (-1, Troll)

Anonymous Coward | more than 11 years ago | (#4578820)

There's a link to a Finnish mirror of the backgrounds available here [tinyurl.com] .

Some really neat stuff in there. I'm looking forward to getting it all unzipped.

Threading issues resolved? (1, Troll)

Jack Wagner (444727) | more than 11 years ago | (#4578756)

Does anyone know if they have the threading issues resolved with the kernel scheduler yet?

Tha last time I worked on any BSD code they were still having some low level race conditions occuring where the kernel scheduler would actually hit two proccesses at the same time which made it look like the program had some mutex corruption when it was actually a problem with the kernel and the semaphores they use to map memory for threads.

Granted if you're only using it as a workstation you'll never see it happen as it only happened under load but I found my clients were forced to move to a commercial Unix (I still recommend Sun) as they were the only products on the market able to handle enterprise type server loads with non-trivial applications. (okay, wer're talking n-tier Olog(n) cluster nodes which is very demanding but still...)

Warmest regards,
--Jack

Re:Threading issues resolved? (1, Insightful)

Anonymous Coward | more than 11 years ago | (#4578821)

I'm not sure I understood all of your complaint. What do you mean about two processes being hit at the same time? Is it possible to observe this on uniprocessor machines?

In any case, I seriously doubt that Solaris is any less vulnerable to such a problem than BSD. The people at Sun may work hard on their scheduling algorithm, but the BSD scheduler was written by Steve Woston himself, and is probably the best in the world.

Re:Threading issues resolved? (2)

CoolVibe (11466) | more than 11 years ago | (#4578836)

Tha last time I worked on any BSD code they were still having some low level race conditions...

How long was that ago? I have never noticed any behaviour like that on the FreeBSD servers I put up. Oh, and one FreeBSD server I had set up once had around 50,000 simultaneous connections going to it, and it didn't flinch.

If it still has problems of the nature you describe, instead of fretting about it, you could send a PR, so the developers can fix it.

Re:Threading issues resolved? (0)

Anonymous Coward | more than 11 years ago | (#4578929)

Wow, I actually understood all that, I feel so proud of myself :)

Re:Threading issues resolved? (0)

Anonymous Coward | more than 11 years ago | (#4578955)

Talking out of your ass = 1 way trip to my foes list.

This is what I am waiting for... (-1)

Anonymous Coward | more than 11 years ago | (#4578759)

What are you waiting for?

The funeral.

Where's the Troll ? (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#4578767)

No sight of the BSD troll yet?
You know, that looser that always posts his BSD are dying crap..

Department of Redundancy Department (-1, Offtopic)

CmdrTypo (603848) | more than 11 years ago | (#4578769)

"The the files are there. What are you waiting for?" I'm waiting for Paris in the the spring.

It's good, but not that good (4, Insightful)

ryanvm (247662) | more than 11 years ago | (#4578781)

It is well known as the world's most secure operating system

Whoa, partner. Sure OpenBSD is designed with security in mind, and as far as the BSDs go (which are generally pretty secure in their own right), it's probably the tightest. But it's quite a leap to say that OpenBSD is the most secure operating system in the entire world.

I don't know which OS would get that "award". But I'd have to believe that it'd be something obscure like a tiny, embedded, OS the NSA uses in their crypto equipment or some such.

Re:It's good, but not that good (2)

glenmark (446320) | more than 11 years ago | (#4578861)

I don't know which OS would get that "award". But I'd have to believe that it'd be something obscure like a tiny, embedded, OS the NSA uses in their crypto equipment or some such.

An embedded OS, especially if it has no networking, sure. For general purpose operating system that actually communicate with the outside world, my vote would have to be OpenVMS. So secure it makes even OpenBSD look as leaky as cheesecloth... (Buffer overflow exploits? No such thing in VMS.)

Re:It's good, but not that good (1)

kobaz (107760) | more than 11 years ago | (#4578884)

Just curious, where can I find info on how OpenVMS is designed to prevent buffer overflow exploits.

Re:It's good, but not that good (4, Insightful)

LordHunter317 (90225) | more than 11 years ago | (#4578906)

Bullcrap. We just had to put in a patch to cover a buffer overflow/memory leak issue in UCX For OpenVMS. We know it caused buffer overflow issues becuase we could bomb Sybase sending it large amounts of data. Now there may be no OS-level overflows, but your statment is just ludicris. Our code is one walking buffer-overflow. Kernel != System, and just because the kernel is secure doesn't mean the system is.

Otherwise, I tend to agree, but OpenVMS is bi*ch to configure.

Re:It's good, but not that good (0)

Anonymous Coward | more than 11 years ago | (#4578908)

Hmm. IIRC, UCX just recently suffered from a buffer overflow exploit. Sure, we're talking about software that is essentially some sort of port from some sort of BSD, but it does point out that even OpenVMS is not immune to buffer overflows.

Re:It's good, but not that good (2)

c13v3rm0nk3y (189767) | more than 11 years ago | (#4578883)

Actually, chunks of OpenBSD have made it into embedded security devices. I don't have the link handy, but the details are on OpenBSD.org.

what happened? (0, Troll)

tps12 (105590) | more than 11 years ago | (#4578790)

Wow, OpenBSD 3.2. For a while there I wasn't sure they'd ever get another release out (heh, and I'm not one of those "BSD is dying!" trolls, either!). It's always been one of my favorite BSD distros, and I'd never have switched to Linux if OpenBSD had had an SB Live! driver back in the day. The name "OpenBSD" was synonymous with "rock hard security."

It was sad to see the record for "no remote holes" disappear earlier this year. Even sadder when the holes in OpenSSH and -SSL were found. It seemed like the OpenBSD developers had maybe started to get lazy, or were too busy rushing to support the latest gee-whiz hardware and flashy features to keep an eye on security. And for most unix admins out there, flashy features aren't worth much if you don't have security.

I guess it's good to see that Theo isn't giving up. But I'm wondering if this release is going to be just another stepping stone on OpenBSD's recent path to shame, or if they are turning it around in an attempt to regain the glory of, say, 2.7. What do people think, is OpenBSD rising from the ashes or gasping its last breath?

Re:what happened? (0)

PhysicsScholar (617526) | more than 11 years ago | (#4578854)

or if they are turning it around in an attempt to regain the glory of, say, 2.7

Yes, I'll bite on one of the infamous tps12 trolls...

Version 2.7 of OpenBSD was not at all one of the top releases in terms of stability. Based on the list of errata for 2.7 [openbsd.org] , you can compare it to other point releases and find that it's actually one of the "less good" versions of a traditionally secure OS.

Trolling and spreading blatantly wrong information isn't really a nice thing to do, especially when your snide remarks make a really, really nice platform look bad.

Re:what happened? (0)

Anonymous Coward | more than 11 years ago | (#4578882)

> I wasn't sure they'd ever get another release out...

OpenBSD has a release every 6 months. This one follows the same schedule. What's the matter with you?

Re:what happened? (0)

Anonymous Coward | more than 11 years ago | (#4578940)

This one follows the same schedule.

They are actually one month ahead of schedule. The releases are usually June 1 and December 1.

Re:what happened? (4, Insightful)

grub (11606) | more than 11 years ago | (#4578888)


..when the holes in OpenSSH and -SSL were found.


The OpenBSD folks do make OpenSSH but not OpenSSL.

Re:what happened? (0)

Anonymous Coward | more than 11 years ago | (#4578897)

> What do people think, is OpenBSD rising from
> the ashes or gasping its last breath?

umm...neither?

> It seemed like the OpenBSD developers had maybe
> started to get lazy, or were too busy rushing
> to support the latest gee-whiz hardware and
> flashy features to keep an eye on security.

jeez, they're only human. and the price is right...

Re:what happened? (2)

Geekboy(Wizard) (87906) | more than 11 years ago | (#4578912)

For a while there I wasn't sure they'd ever get another release out

Every 6 months, right on schedual. There was a release last May, one last December, the June before that, December before that, etc, etc, etc.

Re:what happened? (4, Insightful)

LordHunter317 (90225) | more than 11 years ago | (#4578937)

The OpenSSL holes have nothing to do with OpenBSD, they are built by a seperate team. 3rd party auditing of the source (which is what OpenBSD does for stuff it doesn't directly develop) won't find everything.

The OpenSSH hole was to be expected, and was long past due. No software is perfect, this just proves it. Face the facs, it'll happening sooner or later.

I don't see what you mean what gee-whiz hardware. Hardware support is still pretty far down on the list, and even my new system is about 80%% supported at best. Security is still the critical issues, but the development teams is humans, and humans miss things.

Flashy features? Again the same thing. The reason I use OpenBSD is because it isn't so darn flashy. That and it just runs.

Path to shame? I think the 3.0 series has been the best yet, and the most innovative. I think it will continue to be too.

Re:what happened? (4, Insightful)

c13v3rm0nk3y (189767) | more than 11 years ago | (#4578945)

For a while there I wasn't sure they'd ever get another release out...

This puzzled me. I've been running an OBSD router since 2.6 (and we've been running it at work since 2.8). The releases have been coming out pretty much every 6 months, haven't they?

I upgrade about once a year, so I often skip releases, but I think they've only missed the release dates a few times, and only by a week or so.

Bugs will be found, which (of course) is the point of the OBSD project. I just don't see any shame in that. Lot's of organizations get compromised. The real test is how the organization reacts and recovers.

*shrug* From my POV, the releases have been getting better and better. I can't imagine running anything else as an edge box.

Of course, I may be wrong. Even openbsd.org runs Solaris!

security (2, Insightful)

MoceanWorker (232487) | more than 11 years ago | (#4578800)

It is well known as the world's most secure operating system

That is true.. if you do a default installation and make absolutely no change to any of the services that come installed with it.. that's why it was secure for 4 something years.. but they didn't mention that if you had an old BIND version at the time it would still be "secure" :-)

I don't think so.... (5, Funny)

Dr_DTHP (132769) | more than 11 years ago | (#4578804)

>[OpenBSD is] the world's most secure operating system

Hear that sound? It's the VMS users (all 8 of them, currently, unless Fred's VAX killed his mains power again and he switched to OSX) choking on their lunches in laughter.

Minimum hardware requirements? (0)

Anonymous Coward | more than 11 years ago | (#4578830)

I've got an old laptop on which I'd like to try to install OpenBSD. I poked around the FAQ and Installation Guide, but could not find any mention of hardware requirements for running the installer (especially RAM requirements). Does anyone know or could someone provide a link? Thanks.

*ahem*, not quite (2, Redundant)

naasking (94116) | more than 11 years ago | (#4578857)

It is well known as the world's most secure operating system

Let's rephrase that as, "It is well known as the world's most secure UNIX operating system." Otherwise it's not true.

OpenBSD 3.2 release (2)

possible (123857) | more than 11 years ago | (#4578860)

Here's a mirror of the official release announcement [deadly.org] . Lots of cool new stuff in this release...among them:
  • ELF for Sparc [deadly.org]
  • Non executable stack on many architectures (including x86), non executable heap on many architectures
  • More support for hardware crypto accelerators
  • Apache runs chrooted by default (if you want)
  • systrace

Good to see (2)

greygent (523713) | more than 11 years ago | (#4578881)

Good to see, there are several facets of it that I absolutely love.

Now only if they could speed up the network and disk I/O to the levels of FreeBSD. Oh, and SMP would be great, too, but according to the OpenBSD developers, that's not a hot project of theirs.

So until then, I still keep a watchful eye, and a PC in the closet where it belongs with the latest version installed as a toy to play around with.

What are you waiting for? (3, Informative)

Anonymous Coward | more than 11 years ago | (#4578917)

> What are you waiting for?

SMP Support.

What's a "the" file? (0)

Anonymous Coward | more than 11 years ago | (#4578948)

Some new kind of super-secure compression?
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...