Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

OpenBSD 3.9 Released

Hemos posted more than 8 years ago | from the free-willy dept.

Encryption 130

An anonymous reader writes "OpenBSD 3.9 was released this morning and is now available for download from the OpenBSD mirror sites. Among the new features is integrated framework for monitoring hardware sensors, a BSD licensed driver for nvidia nforce ethernet, and loads of new drivers and bug fixes. Of course you can still purchase the CD-ROM set which includes support for five platforms: i386, amd64, macppc, sparc, sparc64, and also includes the complete blob free source tree and prebuilt packages for many architectures. As always your contributions help to continue the devlopment of this great opeating system."

cancel ×

130 comments

A new twist on the old Soviet Russia joke (3, Funny)

Ohreally_factor (593551) | more than 8 years ago | (#15236007)

BSD confirms it. Netcraft is dead.

Re:A new twist on the old Soviet Russia joke (3, Informative)

CRCulver (715279) | more than 8 years ago | (#15236033)

We have all come to know and love the "BSD is dying" jokes, but I'm noticing so much publishing going on in the BSD world, with O'Reilly offering a BSD security guide [amazon.com] and Addison-Wesley releasing a guide to BSD's design [amazon.com] . Clearly enough people are using it and continuing to get the most out of it if it is still profitable for tech publishers to offer documentation. If BSD were really sinking, we'd start noticing more BSD-to-Linux migration guides.

Re:A new twist on the old Soviet Russia joke (1, Interesting)

Anonymous Coward | more than 8 years ago | (#15236242)

In the on-topic case of OpenBSD, it is going to stay in semi-widespread usage for the visible future, because it has carved out a niche that does not at this have time have matching-reputation security competitors. Plus the appeal stemming its developers devotion to detail (read quality) and the BSD-esque free-software ideals have been slowly swelling its user base -- particularly among uber-geeks (mostly broke uber-geeks it would seem)..

Theo's idolizing of Wowbagger may have held it back a bit, but you can't say the man doesn't have vision ...

Contributions will help all opeating systems. (5, Insightful)

Whiney Mac Fanboy (963289) | more than 8 years ago | (#15236008)

As always your contributions [openbsd.org] help to continue the devlopment of this great opeating system."

That sentence about should read:

As always your contributions [openbsd.org] help to continue the devlopment of all opeating systems.

Apple's security relies on openSSH, Microsoft service's for Unix are openBSD tools, there's traces of it all over linux. In short openBSD has made everyone's lives better - you should contribute to openBSD if you're a computer user of any sort!

Thanks Theo - for releasing your work under a BSD license, you've allowed us all to benefit from it.

Re:Contributions will help all opeating systems. (0)

Anonymous Coward | more than 8 years ago | (#15236089)

I believe the sentencs should read,

As always, your contributions help to continue the development of all operating systems.

If you are going to fix it, you might as well fix the spelling. Good point though.

Re:Contributions will help all opeating systems. (0)

Anonymous Coward | more than 8 years ago | (#15236105)

Too true! As a port maintainer, I have have found several bugs as result of OpenBSD's rigorous memory handling. I subsequently patched those bugs and upstreamed those patches. So users of the same software on other OS's benefit from the good work going on in OpenBSD land.

Re:Contributions will help all opeating systems. (1)

trewornan (608722) | more than 8 years ago | (#15237022)

As a port maintainer I wonder if you know whether OpenOffice has been added to the ports. I've managed to get it working (after a fashion) on previous releases but it's never been stable.

OpenBSD and OpenOffice... (1)

arthas (654815) | more than 8 years ago | (#15237545)

I think you have to run Ooo in Linux emulation mode (add kern.emul.linux=1 to /etc/sysctl.conf and pkg_add relevant packages (see OpenBSD FAQ)). This is absolutely the best (and only) way to run Ooo in OBSD for now...

One problem is that Ooo contains lots of bugs, especially those related to memory handling. These bugs cause problems with e.g. OpenBSD's new malloc(3) call. Some porting and bugfixing work has actually been done by some OpenBSD developers but as far as I know that particular port is nowhere near production quality. Apparently more developers/coders/testing guinea pigs (with proper bug reporting skills [undeadly.org] ) are needed. Some information about the OpenBSD port of Ooo is available in this presentation [openbsd.org] .

Re:Contributions will help all opeating systems. (0, Offtopic)

omeg (907329) | more than 8 years ago | (#15236112)

And don't forget the comma after "always".

Not to disagree with you... (-1, Flamebait)

Anonymous Coward | more than 8 years ago | (#15236126)

Not to disagree ith you but I'm a longtime Ubuntu user (since Jan 2005) and I'd like to ask: what, among the things you've listed, couldn't have been done without Linux? Certainly Microsoft's SFU makes use of the Linux compiler, and most Linux distributions come with their own versions of openSSH. Linux has also contributed to OpenBSD, such as GNOME and the X windows. I think you can try out a liveCD of Ubuntu at least to see where development is headed.

Re:Not to disagree with you... (-1)

Anonymous Coward | more than 8 years ago | (#15236163)

hahahaha p0wnz0rr3d!!

Re:Not to disagree with you... (4, Informative)

Whiney Mac Fanboy (963289) | more than 8 years ago | (#15236186)

Not to disagree ith you but I'm a longtime Ubuntu user (since Jan 2005) and I'd like to ask: what, among the things you've listed, couldn't have been done without Linux?

Go to the Ubuntu packages pages & search for openbsd [ubuntu.com] Two pages of results! And that's barely scrathing the surface.

Furthermore, as someone else in this thread mentions, openBSD audits their code more thoroughly prior to inclusion in their system. Many packages used in Ubuntu (apache, x.org, etc etc etc) have bug fixes contributed back from the openBSD port.

You're thinking I'm saying that openBSD can do something linux can't - I'm not really, its more like openBSD is the cranky old uncle of the free-unix family, telling all the youngsters to lock their doors & not walk around at night :-)

Re:Not to disagree with you... (4, Informative)

TheRaven64 (641858) | more than 8 years ago | (#15236368)

This article, covering the release of 3.9 [informit.com] includes some discussion of the ways in which users of other operating systems benefit from the continued health of the OpenBSD project, including the views of one of the OpenBSD devs.

Re:Not to disagree with you... (0)

Anonymous Coward | more than 8 years ago | (#15236615)

[...]its more like openBSD is the cranky old uncle of the free-unix family, telling all the youngsters to lock their doors & not walk around at night

Cranky yes, but OpenBSD is the new kid on the block as far as Linux/*BSD.

Re:Not to disagree with you... (1)

Vyvyan Basterd (972007) | more than 8 years ago | (#15237782)

Not really. OpenBSD is a straight descendent of 4.4BSD which was way before Linux.

Re:Not to disagree with you... (0)

Anonymous Coward | more than 8 years ago | (#15236321)

Hey nubi. 1 1/2 years is a _short_ time. GCC and X-Windows have been around much longer than Linux, so go read up on your UNIX history.

Re:Not to disagree with you... (2, Insightful)

Anonymous Coward | more than 8 years ago | (#15236361)

"longtime...(since Jan 2005)"

LOL! This statement is just sooo linux. So you use Ubuntu, like the hordes who jumped on Gentoo when it was cool (and on Red Hat and Mandrake long before that.) The overwhelming majority of users who yell 'Linux!' at everybody are switching distros everytime a new one comes out. That's why so much effort goes in to semi-locking-in users by the package management system, a la YAST2. Keep your Ubuntu CD for another year AC, I'll bet even money you have a different distro on your machine.

Of course, this is not to disparage the Ubuntu project; it's one of the more noble to come along in a while. But so is Slackware, because for more than ten years it's been dedicated to making a distro that just gets the damn work done. That's noble too, by the way.

Linux compiler? (1)

Santana (103744) | more than 8 years ago | (#15241029)

How is 'since Jan 2005' a long time :) This must be a joke, but just in case...

There's no such thing as 'the Linux compiler' (hint: GCC is a GNU tool, Linux is a kernel and NOT a GNU project). Neither GNOME nor the X Window System are 'Linux contributions'. GNOME is a GNU project born for giving an alternative to KDE (because Qt was not free at the time) and XFree86 predates Linux.

Dodos rejoice (3, Interesting)

Rosco P. Coltrane (209368) | more than 8 years ago | (#15236015)

which includes support for five platforms: i386, amd64, macppc, sparc, sparc64

at least you'll be able to do something with your old mac when Apple is done switching and pulls the plug on ppc support for good...

Re:Dodos rejoice (1)

FrostedWheat (172733) | more than 8 years ago | (#15236176)

which includes support for five platforms: i386, amd64, macppc, sparc, sparc64

So, is this going to make OpenBSD a new target for viruses? Someone better tell Theo!

Re:Dodos rejoice (1)

RLiegh (247921) | more than 8 years ago | (#15239711)

It's too late. I've been told they've already had one remote hole in the default install; more are bound to pour in any day now!

Re:Dodos rejoice (1)

nra1871 (836627) | more than 8 years ago | (#15236474)

at least you'll be able to do something with your old mac when Apple is done switching and pulls the plug on ppc support for good...

Why would your computer just stop working once it is no longer supported?

Re:Dodos rejoice (1, Interesting)

Anonymous Coward | more than 8 years ago | (#15236754)

They said [onlamp.com] that OpenBSD 4.0 will support Intel based Macs too...

Re:Dodos rejoice (1)

Fulkkari (603331) | more than 8 years ago | (#15237331)

That is hardly going to happen any time soon. There is really no reason for them to stop supporting PPC, as there will be many PPC users still after 5 years. That being said, there will be a time when your PPC won't run the newest OS X anymore. Still, I am sure that the most recent version available will still be ahead of OpenBSD, when it comes to desktop use. If you are talking about servers, then you might have a point...

Rock Solid Already (5, Informative)

Anonymous Coward | more than 8 years ago | (#15236019)

Actually the CDs have been shipped for those that preordered, I got mine a couple fo weeks ago. The best thing, it just installs like a dream. I tried setting it up inside a VMware Workstation, took all of about 5 minutes from the CD.

I also made my first donation to OpenBSD for a long time, to keep it going, since I use OpenSSH every day, infact my job depends on it.

Re:Rock Solid Already (1)

little baby Blobby (971111) | more than 8 years ago | (#15236040)

I tried setting it up inside a VMware Workstation, took all of about 5 minutes from the CD.
Thanks for the informative post. I was wanting to put this version to the test, but didn't have a spare machine to use right now. With the free VMWare player, you always have a spare machine for testing purposes.

Re:VMWare screen resolution (0)

Anonymous Coward | more than 8 years ago | (#15237269)

And How do you change the screen resolution in VMWare Workstation to anything else? After I insalled 3.9 Shift+Ctl+Plus didn't change anything or cycle through the different resolutions.

Re:Rock Solid Already (3, Interesting)

pimpimpim (811140) | more than 8 years ago | (#15239913)

I've always had the easiest installs with openbsd, on a rather exotic motherboard with via C3 processor, I got my sound, video, IBM rapid access keyboard with all extra keys, etc working directly from install. I never had this with any linux version I tried. For the things I want to do: edit files, run a (web)server, listen to music, watch videos, OpenBSD gives me more than enough.

So to me, OpenBSD is just a Good Thing (R) from a practical point of view. I don't bother to have the latest version of everything, but I'm happy when things "just work" ;) and you can trust that they are solid and safe.

Opiating system (-1)

digitaldc (879047) | more than 8 years ago | (#15236028)

As always your contributions help to continue the devlopment of this great opeating system

I suggest a spellchecker, it bears worth repeating.

Re:Opiating system (1)

ickoonite (639305) | more than 8 years ago | (#15236121)

I suggest a spellchecker, it bears worth repeating.

I suggest a decent command of English. "It bears worth repeating." What is that?

iqu :|

Re:Opiating system (1)

DenmaFat (704308) | more than 8 years ago | (#15236148)

humor?

Re:Opiating system (1)

Alterion (925335) | more than 8 years ago | (#15236690)

... well if you are going to be like that what's an opiating system?.. does it get you high while you read your e-mail or something?

Have my CDs already (4, Insightful)

grub (11606) | more than 8 years ago | (#15236036)


Installed on an AMD64X2-3800. zoom Had to compile -current for something but I'm in the minority.

Order the CDs and make a donation today, you cheap bastards!

It's number one on our underfunded TO DO list... (2, Funny)

jpellino (202698) | more than 8 years ago | (#15236055)

"help to continue the devlopment of this great opeating system."

1. Spel checkr.
2. Full LRF support.
3. There is no third thing.
4. Universal Binary.

nvidia nforce ethernet (-1, Offtopic)

smitty_one_each (243267) | more than 8 years ago | (#15236071)

Keep up the pressure! This is a step in the direction of liberated video driver code.

RMS has been visible on the video driver front as well: http://www.fsf.org/blogs/community/rms-ati-protest .html [fsf.org]

If the theological debates could be set aside, a unified front may help sway the video card manufacturers.

Re:nvidia nforce ethernet (5, Funny)

Saven Marek (739395) | more than 8 years ago | (#15236114)

> If the theological debates could be set aside

THEOlogical debates. in an open bsd story. hahahahaha. geddit?

oh ok. sorry.

Re:nvidia nforce ethernet (1)

smitty_one_each (243267) | more than 8 years ago | (#15236249)

Yeah, I thought about that pun when I was writing the original post, but if I made dumb jokes instead of a point, people would think I was merely trying to stall, man. Bdump-bump (tch).

Re:nvidia nforce ethernet (0)

Anonymous Coward | more than 8 years ago | (#15236472)

Wow, I thought having open drivers was one of the main thrusts of OpenBSD.
Thanks, moderators!

Re:nvidia nforce ethernet (0)

Anonymous Coward | more than 8 years ago | (#15236838)

Jonathan Gray said [onlamp.com] some interesting things about their contacts with nVIDIA...

Re:nvidia nforce ethernet (0)

Anonymous Coward | more than 8 years ago | (#15236957)

A more detailed version is in the kerneltrap interview [kerneltrap.org] .

Bout' Time! (1)

kabars_edge (644328) | more than 8 years ago | (#15236088)

.....what do we have to wait on now.

Re:Bout' Time! (0)

Anonymous Coward | more than 8 years ago | (#15237294)

I am awaiting OpenBSD-4.0, as Theo as been dropping small hints that 4.0 is going to be THE best release ever, --check mailing-list archives--

Re:Bout' Time! (1)

Jester6641 (909919) | more than 8 years ago | (#15237744)

vista? sorry. had to. going back to work now.

Torrents! (5, Informative)

Gandalf360 (194169) | more than 8 years ago | (#15236106)

Before the weight of the collective slashdot effect kills the main BSD servers, check out the bit torrents that are located here: http://openbsd.somedomain.net/ [somedomain.net]

Re:Torrents! (2, Insightful)

rbrito (37104) | more than 8 years ago | (#15237034)

First of all, I am not a user of *BSD, although I do appreciate their goals. I am a Debian [debian.org] user and have been one for quite some time now.

One fact to appreciate about Debian is that it is loosing its ties to the Linux kernel [kernel.org] and becoming more and more general, now including even BSD efforts (like the kfreebsd5 [debian.org] port).

So, even though I am a Debian user, I have this secret appreciation for all the work that the BSD people have done and continue to do and I am downloading the OpenBSD release from the torrent site listed in the parent post (that is http://openbsd.somedomain.net/ [somedomain.net] ).

We all know that these smaller projects don't have big companies supporting them financially and one thing that other people could do to help visibility (and, in the long term, more users, and, perhaps, even commercial support) is to promote OpenBSD [openbsd.org] .

This starts with being kind on their servers and helping with the serving of the release for others, keeping your torrent clients open and serving others. Please, do help others "free" their machines with Free Software.

I'm doing my small share helping others to "get their foot wet" with the support for the torrent.


Regards, Rogério Brito [ime.usp.br] .

architectures? (0, Flamebait)

Gothmolly (148874) | more than 8 years ago | (#15236107)

sparc, as well as sparc64? I know it's über to have an old Sparcstation IPX running Sendmail under your desk, but seriously, isn't it time to let sparc die? If its ANY work at all to maintain outside of the sparc64 tree, let it go. Also, I for one, welcome our ppc overlords, as my G3 running YDL (at the moment) is an excellent combination. PPC is not nearly as dead as Sparc, or as *BSD, for that matter. (joke, not a troll!)

Re:architectures? (4, Interesting)

The Tyrant (472050) | more than 8 years ago | (#15236173)

OpenBSD has excelent Sparc support, and I for one am very happy about it, Sparcs make excelent firewalls and servers for small environments, mine currently has a quad fast ethernet card in the back thus meaning I dont need an extra hub in the server cupboard (just the four rooms it connects to) and combined with OpenBSD's excelent packet filter and rock solid security (which is even stronger on sparc since it can take advantage of quirks of the archetecture to defend against some attacks better) it makes an ideal server for me, runs nicely and doesn't even push the sparc that hard.

Joke or otherwise, Sparcs are awesome machines (for some roles), and OpenBSD is an awesome system.

Re:architectures? (2, Insightful)

Anonymous Coward | more than 8 years ago | (#15237075)

rock solid security (which is even stronger on sparc since it can take advantage of quirks of the archetecture to defend against some attacks better)

With sparc64 you can use the sparc quirks and also the security mechanisms intentionally built into the sparc64's, which the sparc's lack.

sparc64 seems to be the best platform of all to employ the highest security with OpenBSD.

What a shame Sun are such a bunch of a-holes with their pseudo "open source friendly" stance. They open up the specs and design to their CPU's, but they have REFUSED FOR YEARS to provide programming info for the chipsets in their UltraSPARC III's and beyond. And even today with their new "open source friendliness", they STILL REFUSE to provide programming info for those chipsets.

Seriously, how much are OpenBSD *really* going to hurt Sun by allowing me and a few thousand people around the World from running OpenBSD on a cheap Sun Blade 1000 from eBay? It's a sad state of affairs really. Sun take OpenSSH, modify it into their SunSSH and then HARM OPENSSH DEVELOPMENT by forcing the OpenSSH devs to have to compile on some 450MHz 4MB L2 UltraSPARC II at best.

The divide between the fastest sparc64 a BSD can run and a top Opteron system is absolutely huge now. And now that Sun are shipping Opterons in the workstation class, surely they could open the chipset info now? C'mon Sun!

Re:architectures? (1)

grub (11606) | more than 8 years ago | (#15236351)


Keeping loads of various architectures 'live' helps the developers spot odd bugs in the common that may compile Just Fine on x86 but cause glitches on esoteric platforms. Thus weird bugs get cleaned up.

Re:architectures? (1)

grub (11606) | more than 8 years ago | (#15236362)

I should Preview ;)
s/common/common code/g

Re:architectures? (2, Interesting)

TheRaven64 (641858) | more than 8 years ago | (#15236407)

Take a look at the OpenBSD rack [openbsd.org] in Theo's basement, and you will see how popular SPARC32 kit is with the devs - I counted 5 machines in total.

Re:architectures? (2, Interesting)

sunwukong (412560) | more than 8 years ago | (#15237597)

What about Niagara [sun.com] ?

Unfortunately, last I heard, Sun was being their usual selves and hiding key architectural details (e.g., chipset stuff) that are holding up the porting effort.

That was about a month or so ago -- hopefully Sun have decided to open up by now ...

Here is what's new (1)

h_benderson (928114) | more than 8 years ago | (#15236215)

See http://www.onlamp.com/pub/a/bsd/2006/04/27/openbsd -3_9.html [onlamp.com] for an interview discussing what is new in OpenBSD 3.9.

The abstract:
Federico Biancuzzi interviewed OpenBSD's team of Blob-Busters and discussed new features of OpenBSD 3.9 along with freedom (and quality!) threats.

power management features (0)

Anonymous Coward | more than 8 years ago | (#15236366)

Check out the new apmd, it does automatic throttling of cpu power based on system load and laptop battery. Cool stuff!
Unfortunately, my laptop is ACPI-only (no APM in the BIOS) and it doesn't look like they finished the ACPI code yet. But at least obsd now supports the AMD K8 PowerNow feature, so at least I can limp along for the time being.

Re:power management features (0)

Anonymous Coward | more than 8 years ago | (#15236975)

Nikolay Sturm and Bob Beck talked about apmd [onlamp.com] and how it chooses how much and how often change the CPU frequency...

Binary Updates Yet? (0)

Anonymous Coward | more than 8 years ago | (#15236461)

I ran an OpenBSD box for a while and I really loved it, EXCEPT for the fact that all the bug fixes were source only. Downloading, patching, and recompiling was a pain (as opposed to say... yum update or apt-get update), and it crimped my diskspace to maintain a source tree (it was an old box with a 10gb drive) so the box became another linux machine (CentOS).

I'd go back to OpenBSD in a second, if they have binary updates available. I really liked the fact that OpenBSD was minimal (not a lot of cruft and bloat), secure, and correct, but the source patching was just too much for me to keep up with.

Mod parent up!! (0)

Anonymous Coward | more than 8 years ago | (#15236920)

I need an answer for this question too.. :)

Re:Binary Updates Yet? (0)

Anonymous Coward | more than 8 years ago | (#15237067)

Use the "upgrade" option and install a snapshot that contains the fixes you want. I keep about all my machines current this way.

Re:do it via a snapshot (0)

Anonymous Coward | more than 8 years ago | (#15237165)

The short answer: run a snapshot after patches are announced. If your system is not that important, and you are just testing it, upgrading to the latest snapshot gets you the latest patched version of the OS. I have done this over and over, so for me, it is blazing fast. If you don't want to learn how to update to the latest snapshot (and it doesn't take any more room than what your install took), maybe you won't be happy with OpenBSD.

Of course, now I don't worry about announced vulnerabilities, because I have to spend so much time running IE to do the MS upsdates on all of the Windows boxes. I fear a MS vulnerability much more than an OBSD vulnerability.

off topic (1)

LurkerXXX (667952) | more than 8 years ago | (#15237634)

Why are you wasting time in IE doing MS updates? That's what WSUS is for.

Most of my OpenBSD boxes are IP-less firewalls, so usually I don't really worry about patching them until the next release comes out.

Re:Binary Updates Yet? (0)

Anonymous Coward | more than 8 years ago | (#15237470)

Frankly, this is crap. 10GB drive and you can't maintain a source tree???

I have one machine running OpenBSD with a 3.2GB drive and one with a 4GB drive and both maintain a source tree on them and I do my updates from source. It's not that hard, nor does it take up huge amounts of space. /usr/src on an OpenBSD box currently takes around 600M, I usually allocate 1GB to /usr/src. /usr/obj, which is needed to build from source, I usually allocate between 300M and 700M depending on how much space the box has and what architecture I'm running. I did however recently discover that sparc64 needs 1GB of space in /usr/obj in order to build successfully.

Anyway, so worst case on i386 /usr/src and /usr/obj cost me around 1.5GB. Big deal. And on a 10GB drive, I'd have more space than I knew what to do with. In fact, when I install OpenBSD on anything with more than 8GB of space, I start having a hard time using all the space on the drive. YMMV of course, but 1.5GB dedicated to a source tree is a small price to pay as far as I'm concerned.

Source updates on a minimal system? (5, Interesting)

Just Some Guy (3352) | more than 8 years ago | (#15237685)

Frankly, this is crap. 10GB drive and you can't maintain a source tree???

I could maintain a lot of stuff in 10GB, but given the sensitive nature of most OpenBSD installations (such as firewalls, etc.), GCC is not among the things I want to have around.

According to the FAQ [openbsd.org] , three file sets are required for installation:

  • bsd
  • baseXX.tgz
  • etcXX.tgz

Although that gets you a complete running system, it doesn't leave you with one that can self-host source updates. Given that I run exactly one OpenBSD machine at the office, I don't want to have a separate build server sitting around just to keep it updated. So, even though I have the hardware to support the process, and the technical skills to do so, it's still a major pain in the neck.

Oh, and to those saying I should just install snapshots, the FAQ says: [openbsd.org]

Between formal releases of OpenBSD, snapshots are made available through the FTP sites. As the name implies, these are builds of whatever code is in the tree at the instant the builder grabbed a copy of the code for that particular platform. Remember, on some platforms, it may be DAYS before the snapshot build is completed and put out for distribution. There is no promise that the snapshots are completely functional, or even install.
Elsewhere on the site are other discouraging words [openbsd.org] :

  • /pub/OpenBSD/snapshots/
    For our major architectures, we tend to build mini releases of unknown stability and quality about every month or so. This is where we place those test releases.

Ain't no way I'm going to tell my boss that my security update process involves "mini releases of unknown stability and quality". That is why I'd like to see "baseXX-r1.tgz" at ftp.openbsd.bsd (and it's mirrors) that holds nothing but the 3 or 4 binaries I'd need to upgrade on a stock system to bring it up to date. I'm not stupid or broke - just very time-challenged. I'd be happy to pay for a subscription to such a service were one available.

Re:Source updates on a minimal system? (1)

compass46 (259596) | more than 8 years ago | (#15238938)

Anyone recomending you install a snapshot on a production machine is an idiot.

There is binpatch out there but it requires you to have a build machine and roll the patches yourself. I'm not aware of anyone one rolling updates and making them available publicly. Be a nice contribution for someone with a little time to do it.

Re:Source updates on a minimal system? (1)

pkplex (535744) | more than 8 years ago | (#15241392)

What a load of bollocks?

Ive got a number of systems with just 6gb or less of hdd space, and I have plenty of room to build the tree. You only need around 1500Mb spare on /usr.

And even if you use some sort of ancient hardware with really minimal hdd space, you can still build patches on another machine and install them. Perhaps have a look at http://openbsdbinpatch.sourceforge.net/ [sourceforge.net]

Re:Binary Updates Yet? (0)

Anonymous Coward | more than 8 years ago | (#15237693)

I am the original poster. My partition scheme didn't give me that much space on /usr because I had put more (perhaps too much) into /usr/local (so I could compile and install apps), /var (for logs, mail spool, and htdocs), and /home (for user space). Thinking back on it, I probably should have put more into /usr, if that is what OpenBSD is going to require. But my point is still valid, the source patching is a bit of a pain.

I don't know why they don't offer binary updates, unless it is to conserve bandwidth. I just reviewed their faq about patching, and they don't explain why.

Re:Binary Updates Yet? (1)

synthespian (563437) | more than 8 years ago | (#15238349)

There's TEPATCHE for binary updates.http://www.gwolf.org/soft/tepatche/ [gwolf.org]
I don't see Theo and all supporting binary updates. And this, I think, because of the security goal. But I may be wrong. For instance, remember when Debian's servers were cracked (about 1 1/2 year ago, AFAIK)? What if you installed a binary with malicious code?

But in fact, why don't they officially support binary updates? What's the "official" answer on this issue?

At least, that seems like a reasonable motivation. OTOH, system administrators probably will automate their own process of applying patches. There's the XML for vulnerabilities for non-base software (http://www.vuxml.org/openbsd/index.html [vuxml.org] , also.

Re:Binary Updates Yet? (1)

synthespian (563437) | more than 8 years ago | (#15238377)

Ooops, sorry. Tepatche is not about binary updates.

Re:Binary Updates Yet? (1)

Just Some Guy (3352) | more than 8 years ago | (#15238713)

What if you installed a binary with malicious code?

Given that none of the install packages on the main or mirror sites are signed, there's no more exposure from downloading a (possibly hacked) binary patch than from downloading a (possible hacked) installer. And if they adopted the practice of signing the installer, then they could also sign the patches.

I don't buy the idea that it's harder to securely distribute patches than it is the base system. Furthermore, I don't recall ever hearing any of the OpenBSD guys make that claim.

binpatch (1)

Santana (103744) | more than 8 years ago | (#15241797)

If you can afford another OpenBSD box for building patches you can use binpatch [sourceforge.net] .

Unofficial install ISO-s (1)

ens0niq (883308) | more than 8 years ago | (#15236532)

From OSNews:

"Some unofficial (and of course unsupported by OpenBSD team) install ISOs:

http://hup.hu/node/24625 [hup.hu] "

Re:Unofficial install ISO-s (1, Interesting)

Anonymous Coward | more than 8 years ago | (#15237219)

"Some unofficial (and of course unsupported by OpenBSD team) install ISOs:

I have always been totally perplexed by people who download and use OpenBSD ISO's (besides the official OpenBSD installer-only ISO's). It completely goes against what OpenBSD is about and defeats the whole reason for using OpenBSD.

You use OpenBSD because you are concerned about security and then go and run some random binary provided by some random people on the net who you know little about? People who don't have the long-term reputation which Theo and the OpenBSD team have?

I hope you really can trust md5 and you better check the sums of each of the files on those CD's. I'd rather buy an official CD as the best option or otherwise download the appropriate files from an OpenBSD ftp server, check those sums and burn your own bootable OpenBSD CD, as a WORST CASE!

but I thought bsd was dead? (-1, Troll)

Demerol (306753) | more than 8 years ago | (#15236619)

Slashdot told me so!

Multilib/multiarch development on OpenBSD (1)

GebsBeard (665887) | more than 8 years ago | (#15236641)

Anybody know if OpenBSD 3.9 supports 32 and 64 bit development on the x64/AMD64 platform? I installed OpenBSD 3.8 and it only seemed to support 32 bit development on the i386 distro and 64 bit development on the x64 distro... but not both on the x64 distro. Any ideas?

Re:Multilib/multiarch development on OpenBSD (0)

Anonymous Coward | more than 8 years ago | (#15237155)

All 64 bit platforms are native 64 bit.

Re:Multilib/multiarch development on OpenBSD (1)

Geekboy(Wizard) (87906) | more than 8 years ago | (#15239071)

if you write sane code, it will work on everything. distribute source code and you don't have to worry about it.

on the other hand, the lack of support for 32-bit binaries on the amd64, is intentional. it ain't gonna happen. it requires a massive amount of technical work, for a tiny benefit. if you can call running binary-only blob a benefit (hint: its not).

Re:Multilib/multiarch development on OpenBSD (1)

GebsBeard (665887) | more than 8 years ago | (#15240123)

Anybody else got an opinion? Geekboy says its impossible. Meanwhile I have Ubuntu, FC5, SuSE and FreeBSD (all AMD64) up and running in my network in 32/64 bit multiarch form. I actually like testing my code before releasing it (in whatever form). If anyone knows how to do it in OpenBSD please let me know. Thanks.

Re:Multilib/multiarch development on OpenBSD (1)

Geekboy(Wizard) (87906) | more than 8 years ago | (#15240166)

I'm not saying its impossible. I'm saying the code isn't written, and WON'T be accepted. There's a difference.

Re:Multilib/multiarch development on OpenBSD (1)

GebsBeard (665887) | more than 8 years ago | (#15240725)

That's too bad. It dooms anyone who wants to support and test on both 32- and 64- bit to multiboot which is a half-baked solution and total PITA.

Only OpenBSD supported my wireless card (5, Interesting)

dildo (250211) | more than 8 years ago | (#15237058)

After two weeks of attempting to get the various crappy beta-quality drivers to work on linux, I switched to OpenBSD to find that it supported my wireless card perfectly. (I have a PPC machine, so ndiswrapper was not an option.)

Installing was also easy. If you have a little patience and are not afraid of a text-only install, starting OpenBSD was very easy.

I like this operating system. The man files are comprehensive and well written, and even a person with limited technical experience (me) was able to get everything working fairly quickly.

Re:Only OpenBSD supported my wireless card (1)

ickoonite (639305) | more than 8 years ago | (#15237329)

Hear hear.

I've had numerous similar experiences with it over the years, and its elegant simplicity is always what wins me over in the end. Linux casts a wide net, and tries to be all things to all people, with the consequence that with things like driver support, it so frequently ends up being an ugly hack. Whereas with OpenBSD, if the hardware is supported, it works beautifully - wireless is a particularly good example of this.

I know that elsewhere on these pages I have likened OpenBSD (as a UNIX) to Mac OS X (as a desktop operating system) - both have an air of refinement and polish (even in text mode) that other OSes just lack. OpenBSD's install is a particularly good case in point - it is not particularly user-friendly in the conventional sense, but used in conjunction with the - as you say - excellent documentation, it makes light work of the task.

Long may it continue.

iqu :)

Re:Only OpenBSD supported my wireless card (1)

tokul (682258) | more than 8 years ago | (#15239118)

> The man files are comprehensive and well written

I guess we are reading different manual files. I do have trouble understanding
'man 3 setlocale' and info about blowfish crypt format. Blowfish crypt differs
and setlocale does not work as documented.

Re:Only OpenBSD supported my wireless card (-1, Troll)

RLiegh (247921) | more than 8 years ago | (#15239972)

You misread the GP post. The man files are COMPREHENSIVE and WELL WRITTEN.
The man files are COMPREHENSIVE and WELL WRITTEN.
The man files are COMPREHENSIVE and WELL WRITTEN.
The man files are COMPREHENSIVE and WELL WRITTEN.
The man files are COMPREHENSIVE and WELL WRITTEN.
Got it?!?!?!?

Re:Only OpenBSD supported my wireless card (1)

peacefinder (469349) | more than 8 years ago | (#15241578)

See this article [informit.com] :
In OpenBSD, the UNIX manual pages are considered authoritative. If a program or function call does not behave exactly as the manual describes, this is considered a bug. This is reflected in the development process, which does not allow any code that result in a user-visible change to be committed to the tree without an accompanying update to the documentation.
So if something in the base install does not work as documented, report it. Bug reporting instructions are here. [openbsd.org]

OpenBSD (1)

papason (4755) | more than 8 years ago | (#15237226)

Seems it's time for dumping # Sendmail 8.13.4, with libmilter
and Bind 9.3.1 (+ patches) for qmail and djbdns :-)

-Dee

Re:OpenBSD (1)

udippel (562132) | more than 8 years ago | (#15237808)

RTFM, and tell DJB to offer a non-braindead licence.
And then you might see what you want.
Or, even better, ask DJB why he doesn't put his code to Free && Open.

Re:OpenBSD (1)

Geekboy(Wizard) (87906) | more than 8 years ago | (#15239056)

1) qmail and djbdns don't have licenses, they have rants
2) the license rants are not free for openbsd to use
3) there is nothing wrong with sendmail and bind
4) nothing prevents you from downloading and installing qmail and djbdns

*BSD is Dying (-1)

Anonymous Coward | more than 8 years ago | (#15237282)

It is now official. Netcraft confirms: *BSD is dying

One more crippling bombshell hit the already beleaguered *BSD community when IDC confirmed that *BSD market share has dropped yet again, now down to less than a fraction of 1 percent of all servers. Coming on the heels of a recent Netcraft survey which plainly states that *BSD has lost more market share, this news serves to reinforce what we've known all along. *BSD is collapsing in complete disarray, as fittingly exemplified by failing dead last [samag.com] in the recent Sys Admin comprehensive networking test.

You don't need to be the Amazing Kreskin [amazingkreskin.com] to predict *BSD's future. The hand writing is on the wall: *BSD faces a bleak future. In fact there won't be any future at all for *BSD because *BSD is dying. Things are looking very bad for *BSD. As many of us are already aware, *BSD continues to lose market share. Red ink flows like a river of blood.

FreeBSD is the most endangered of them all, having lost 93% of its core developers. The sudden and unpleasant departures of long time FreeBSD developers Jordan Hubbard and Mike Smith only serve to underscore the point more clearly. There can no longer be any doubt: FreeBSD is dying.

Let's keep to the facts and look at the numbers.

OpenBSD leader Theo states that there are 7000 users of OpenBSD. How many users of NetBSD are there? Let's see. The number of OpenBSD versus NetBSD posts on Usenet is roughly in ratio of 5 to 1. Therefore there are about 7000/5 = 1400 NetBSD users. BSD/OS posts on Usenet are about half of the volume of NetBSD posts. Therefore there are about 700 users of BSD/OS. A recent article put FreeBSD at about 80 percent of the *BSD market. Therefore there are (7000+1400+700)*4 = 36400 FreeBSD users. This is consistent with the number of FreeBSD Usenet posts.

Due to the troubles of Walnut Creek, abysmal sales and so on, FreeBSD went out of business and was taken over by BSDI who sell another troubled OS. Now BSDI is also dead, its corpse turned over to yet another charnel house.

All major surveys show that *BSD has steadily declined in market share. *BSD is very sick and its long term survival prospects are very dim. If *BSD is to survive at all it will be among OS dilettante dabblers. *BSD continues to decay. Nothing but nothing short of a miracle could save it at this point in time. For all practical purposes, *BSD is dead.

Fact: *BSD is dead

in other related BSD news (0, Offtopic)

Anonymous Coward | more than 8 years ago | (#15237832)

The noob and desktop friendly PC-BSD [pcbsd.org] hit 1.0 release recently.

Re:in other related BSD news (0)

Anonymous Coward | more than 8 years ago | (#15240108)

NO YOU!!

Rackmount firewall hardware recommendations? (1)

Just Some Guy (3352) | more than 8 years ago | (#15237969)

This article (and release) are excellent timing for me. My latest project is building a firewall to replace our SonicWALL with an OpenBSD system. I need to make a hardware recommendation for something that can:

  • Support at least four NICs (WAN, LAN, DMZ, wireless), with gig-eth between the LAN and DMZ.
  • Terminate three or four OpenVPN tunnels over a 3 Mbit connection.
  • Run Snort (not strictly necessary, but would be a nice bonus).
  • Ideally fit in 1U of rack.

I'm having a hard time with this. This will be my first rack-mount server, and I really don't know much about what's available in this space. I've seen threads from a couple of years ago about this exact subject, but hardware recommendations from '04 aren't very helpful today.

Cost is a factor to some extent, but extreme reliability isn't a strong requirement (since we can always throw in a big-box temporary replacement on short notice). In other words, we're not looking for something that fell off the truck, but quad-redundant power supplies aren't a selling point for us.

How 'bout it, Slashdotters? Seen any sweet packet-pushing hardware that a small office can afford?

Re:Rackmount firewall hardware recommendations? (0)

Anonymous Coward | more than 8 years ago | (#15238423)

And for the wireless-ly paranoid, 3.9 includes freeradius-1.1.1 in their ports tree! I'll probably purchase a wireless Squeezebox soon and it has built-in support for WPA/WPA2. With freeradius in the ports tree now, installation (and probably maintenance) of a WPA/WPA2 server should be a breeze!

I also hope to purchase a notebook soon. I'll be able to wander around inside (and outside) my apartment with a "secure" wireless connection thanks to OpenBSD. It's "secure" because it's better than a WEP or PSK WPA solution, but still not perfect (there's no such thing as "perfect").

I suppose I should make a donation. I use Gentoo on the desktop (both GNU/Linux and OpenBSD? Blasphemy!). I should probably make a donation to them also...

Re:Rackmount firewall hardware recommendations? (2, Informative)

darkuncle (4925) | more than 8 years ago | (#15238552)

for a really secure wireless connection, you may want to take a look at authpf(8), and use ssh to tunnel all your traffic (at least between your laptop and the gateway).

Re:Rackmount firewall hardware recommendations? (2, Informative)

darkuncle (4925) | more than 8 years ago | (#15238463)

eRacks [eracks.com] and Hawk [hawk.com] are two of the commonly-suggested vendors that sell machines with hardware specifically chosen for OpenBSD compat (and will even pre-install, if that's your thing). I'd suggest any 1U generic box built in the last 5 years with 512-1024MB of RAM. Good NICs are going to be more important than CPU (fxp(4) is a good choice; see the misc@openbsd.org archives, since this question comes up regularly). Either of the above vendors (or others; check Google for "openbsd rackmount server") should be able to get you a 1U box with a good quad-port card in it (use the built-in port(s) for the management channel). Get a pair of identical machines and set up carp(4) so they can do failover and you should be set. You can terminate VPNs using isakmpd(8) or you can just use OpenSSH (supports tunneling any arbitrary traffic, including layer 2 stuff, as of v4.3).

Re:Rackmount firewall hardware recommendations? (1)

darkuncle (4925) | more than 8 years ago | (#15238501)

oh, and you may also wish to check out Soekris [soekris.com] gear - highly secure (run the OS from a RAM filesystem, set your CF media to read-only), very small, 12W power requirements, the net4801 (for example) ships with 3 fxp(4) interfaces and a miniPCI slot that can take either a wireless card or a hardware crypto accelerator (200Mbps AES-256 at line speed with near zero CPU overhead). Search the archives for Soekris and you'll get quite a few results.

fir5T (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#15238137)

arE 7000 users BSD style.' In the

BSD licensed nve driver? (2, Informative)

toadlife (301863) | more than 8 years ago | (#15238217)

"a BSD licensed driver for nvidia nforce ethernet"

PLEASE, for love of Beastie, port this over to FreeBSD. The existing nve driver in FreeBSD is a POS.

worth donating (0)

Anonymous Coward | more than 8 years ago | (#15239668)

if you want to support the project, you should considering donating via a Recurring PayPal Donation (http://www.openbsd.org/donations.html) to help the project in a consistent basis. Donating 10$ a month can't be that much considering what you get from it...

Question for the OpenBSD gurus: (1)

someonehasmyname (465543) | more than 8 years ago | (#15239934)

Can I finally use carp on a transparent bridge?

The carp man page says something about not needing an IP anymore if you specify carpdev, but I haven't found any relevant examples. I'm in the middle of setting up two 3.9 boxes to try making it work.

Re:Question for the OpenBSD gurus: (0)

Anonymous Coward | more than 8 years ago | (#15241807)

Hmmm, I'd like to know more about this too!
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...