Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

What's New in OpenBSD 4.2?

Zonk posted more than 6 years ago | from the new-footloose-and-fancy-free dept.

Unix 203

blackbearnh writes "OpenBSD 4.2 was released today, and has a host of new features. O'Reilly's ONLamp site has a pretty thorough overview of the release. 'Even though security is still there, this release comes with some amazing performance improvements: basic benchmarks showed PF being twice as fast, a rewrite of the TLB shootdown code for i386 and amd64 cut the time to do a full package build by 20 percent (mostly because all the forks in configure scripts have become much cheaper), and the improved frequency scaling on MP systems can help save nearly 20 percent of battery power. And then the new features: FFS2, support for the Advanced Host Controller Interface, IP balancing in CARP, layer 7 manipulation with hoststated, Xenocara, and more!'"

cancel ×

203 comments

Sorry! There are no comments related to the filter you selected.

Where to get it... (5, Informative)

KingSkippus (799657) | more than 6 years ago | (#21200159)

Since the submitter didn't bother linking to their site (!!?), if you want to try out some of these amazing new features and improvements instead of just reading about them, you should head over to the OpenBSD 4.2 page [openbsd.org] and snag a copy!

Re:Where to get it... (3, Interesting)

notamisfit (995619) | more than 6 years ago | (#21200247)

I didn't see anything about it in the interview, but it looks like they've made install ISO's available for the various platforms (install42.iso in each directory). Might give it a spin if I can find a machine for it -- I gave 4.1 a try (and even bought a CD set) and was mostly impressed.

Re:Where to get it... (2, Funny)

Anonymous Coward | more than 6 years ago | (#21202783)

I think I'll wait until those evil linux developers rip the BSD copyright from the headers and relicense the lot under GPLv3. /ducks

Re:Where to get it... (1)

eneville (745111) | more than 6 years ago | (#21204023)

oh darn. now i'll have to find something else to post on my blog, rather than "this is how to make a openbsd iso"... drat. i guess they realise that the cd sales happen with or without the iso download.

ANOTHER version? (-1, Troll)

Anonymous Coward | more than 6 years ago | (#21201183)

Wow, WTF. ANOTHER damn version?

Maybe if the BSD guys could have been bothered to take the time out and code it right the first time around, they wouldn't have to keep revisiting it.

Re:Where to get it... (1, Informative)

Anonymous Coward | more than 6 years ago | (#21202489)

It should also be mentioned that buying a CD set helps fund the project. The price is low and the value high. You can get it here [openbsd.org] (many local resellers too).
---
AC using OpenBSD 4.2/i386 and GNOME 2.18 (*hides*) ;-)

Jun-ichiro "itojun" Hagino (5, Informative)

eldavojohn (898314) | more than 6 years ago | (#21200195)

It should probably be noted (as one of the articles states) that this release is dedicated to a man who passed away a few days ago. From another article [kerneltrap.org] on KernelTrap:

"Jun-ichiro 'itojun' Itoh Hagino passed away on October 29, 2007 at the age of 37. "To those in the BSD communities he was simply Itojun, best known in his role as IPv6 KAME project core researcher. Itojun did the vast majority of the work to get IPv6 into the BSD network stacks. He was also instrumental in moving IPv6 forward in all aspects through his participation in IETF protocol design meetings. Itojun was helpful to everyone around him, and dedicated to his work. He believed and worked toward making technology available to everyone. He will be missed, and always remembered."
Truly unfortunate for the open source community, the networking community & all of Itojun's family. It's a shame to see someone so promising go at a young age.

Re:Jun-ichiro "itojun" Hagino (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#21200271)

It might be a hoax. You did check netcraft, right?

Re:Jun-ichiro "itojun" Hagino (3, Insightful)

Anonymous Coward | more than 6 years ago | (#21201699)

It says a lot about the kinds of people who post here when things like this happen, a man dies, and some random jackass makes a crack about it. Fuck you, you little shit, itojun was a good man. He put a huge amount of his life's work into the KAME project, and through it provided the world with IPv6, that's a significant accomplishment. What have you done? Made a jab about a dead man.

Re:Jun-ichiro "itojun" Hagino (0)

Anonymous Coward | more than 6 years ago | (#21202529)

wow, man.... wow
Seriously though, reading the dedication made me feel strange. I wanted to ask 'how did he die?' and now I'm going to have to google for it.
Who will google my death? and what will the results page be like?

Terribly sorry.

I need to try BSD (1)

Stamen (745223) | more than 6 years ago | (#21200213)

I use OS X on my workstations, because I think it's the best *nix workstation at the moment, but I use Linux, exclusively on the server. I really need to try BSD. I really enjoy ports on OS X, so I'm sure I'd like it in BSD.

The only problem I run into on OS X is some of the GNU tools aren't there, and the BSD version of stuff like ls and such are different. But you can port install that stuff, so really that issue is mute. I think I'll fire up a virtual server and try out BSD

Re:I need to try BSD (5, Informative)

ByOhTek (1181381) | more than 6 years ago | (#21200357)

One of the first things I do on FreeBSD after installing bash and portupgrade...

portupgrade -Nf sysutils/gnutools
echo "
alias ls='gls --color=always'
alias cp='gcp'
alias mv='gmv'
" >> ~/.bashrc

Something similar will probably work on OpenBSD

(oh, and for those who need their [modified] meems... OpenBSD is Undead, netcraft confirms it!)

Re:I need to try BSD (2, Insightful)

notamisfit (995619) | more than 6 years ago | (#21200421)

Hmmm, I just learned to get used to no color, no longopts, and readable man pages. Crazy, innit? (Although, IMNSHO, zsh kicks the shit out of bash for usability).

Re:I need to try BSD (0)

Anonymous Coward | more than 6 years ago | (#21200495)

That's because you never tried csh.

Re:I need to try BSD (0)

Anonymous Coward | more than 6 years ago | (#21200679)

colorls is in ports for gnubies, but only for gnuies, openbsd users are fine with the ksh the system comes with, since it's not half as bloated or scarey as bash.

Re:I need to try BSD (2, Informative)

Stamen (745223) | more than 6 years ago | (#21200809)

colorls is in ports for gnubies,
Can't you just turn on color with ls -G like in OS X? No need for gnu ls. The only reason I'd want gnu stuff is to be consistent with the Linux servers, so I could have 1 set of scripts. Personally, I don't install gnu tools in OS X, I use ls - G, and curl instead of wget, etc.

Re:I need to try BSD (0)

Anonymous Coward | more than 6 years ago | (#21201257)

OpenBSD base doesn't get stupid things most of the time. In OpenBSD, pretty much only apache is the exception to the, "no dumb shit," rule and that's just because it's been tuned for OpenBSD developers for so long that they'd rather not go to another webserver.

Re:I need to try BSD (1)

ByOhTek (1181381) | more than 6 years ago | (#21201703)

Actually, the GNU tools are nice if you have the habit of typing out the [OPTIONS] after the files/directories.

i.e.
ls ~/ -lh

(I think of the dir first, then what I want to do with it.) I just specified the --color=always because it can be taken away easy enough, and -G doesn't do the same thing in GNU ls that it does in BSD.

Re:I need to try BSD (1)

ByOhTek (1181381) | more than 6 years ago | (#21201643)

or I could just use -G rather than run a port just to get colors. I get the gnu tools because they act quite different, and work better for the way I think and process what I want to do.

As for bash, I prefer it to CSH/KSH, just a personal preference. None of them are scary - some people just work better with some tools than others.

Re:I need to try BSD (1)

QuoteMstr (55051) | more than 6 years ago | (#21204401)

The only thing I miss in OpenBSD 4.1's ksh (versus bash) is bang-expansion. !$ is particularly useful.

That said, I don't see why bash or bloated or scary. It's got quite a few nice features, but nothing that's not necessary, and it runs plenty fast. And scary? It's just a shell.

Re:I need to try BSD (1)

Just Some Guy (3352) | more than 6 years ago | (#21200825)

With 'ls', at least, you can skip a step. Replace:

alias ls='gls --color=always'

with:

alias ls='ls -G'

What GNU extensions to you use to 'cp' and 'mv' so often to alias them? In a decade of using Linux and FreeBSD interchangeably, I've never noticed a significant difference in those very basic tools.

Re:I need to try BSD (1)

ByOhTek (1181381) | more than 6 years ago | (#21201579)

actually, I'm quite aware of the -G option.

I got the gnu tools, because I have a habit of thinking about how I want to view the director[y|ies] after type out the directories...

the BSD ls won't do what I want with
ls ~/ -lh

but the GNU tools will.

Ah the ports... (0)

msimm (580077) | more than 6 years ago | (#21200903)

Ah the ports, a fine example of the GNU community hording BSD code and not giving back...

Re:I need to try BSD (0, Flamebait)

Anonymous Coward | more than 6 years ago | (#21200371)

so really that issue is mute.

You fucking worthless heap of shit. The word is "moot".

Re:I need to try BSD (0)

Anonymous Coward | more than 6 years ago | (#21201297)

How do you know? Perhaps the issue just cannot speak? I mean, some issues are raging screaming attention whores, that you notice really easily, but in contrast, some issues you pretty much ignore for years. Perhaps the grandparent poster was dealing with such an issue?

Re:I need to try BSD (1)

Stamen (745223) | more than 6 years ago | (#21201493)

Hey, wait a second... But you're dead... I saw the car go off the cliff myself... It can't be, it just can't... Dad, is that you?

Re:I need to try BSD (1)

inode_buddha (576844) | more than 6 years ago | (#21201517)

Hey now, I'm a grammar/english type myself. True, the mis-usage hurts the eyes, but still I would maintain that the question is not one of being a useless heap of shit. Rather, I say that the question is "Does the otherwise useless heap of shit have a kernel of corn in it?"

Re:I need to try BSD (1)

cromar (1103585) | more than 6 years ago | (#21200933)

Out of curiosity, which commands in GNU tools are different/missing from OS X? (I guess I am showing a bit of ignorance of GNU/Linux... on Slashdot no less! Ouch :)

Different can be better. (0)

Anonymous Coward | more than 6 years ago | (#21202031)

Seriously, all the GNU bloatware uses too much memory, is slower, has dozens of useless extra command line options that GNUbies start using in "portable" scripts, and have horrible security records. The GNU guys manage to get security holes into "man" for crying out loud. Just try the BSD tools instead of expecting everything to be just like linux. You might find that its actually alot nicer.

Love! (4, Funny)

antifoidulus (807088) | more than 6 years ago | (#21200281)

Remember, Theo de Raadt loves each and every one of you, he includes love in each copy of OpenBSD! Well, love or an incredible hatred of the x86 platform and everything not OpenBSD.

Huh? (3, Funny)

LotsOfPhil (982823) | more than 6 years ago | (#21200321)

What's BSD?

Re:Huh? (2, Funny)

king-manic (409855) | more than 6 years ago | (#21200343)

What's BSD?
A LSD precursor.

Re:Huh? (1)

ByOhTek (1181381) | more than 6 years ago | (#21200393)

The first thing I thought of when you said that was the FreeBSD 5 installer.

My next thought was "It's so true..."

Re:Huh? (0)

Anonymous Coward | more than 6 years ago | (#21200779)

"There are two major products that came out of Berkeley: LSD and BSD. We don't believe this to be a coincidence." --Jeremy S. Anderson

Re:Huh? (1)

UnknownSoldier (67820) | more than 6 years ago | (#21202915)

Ah Berkeley,
known for LSD and BSD.
Coincidence? You decide :)

Re:Huh? (0, Flamebait)

StonedYoda47 (732257) | more than 6 years ago | (#21200347)

Don't even worry about wiki-ing it. Netcraft confirms it's dead anyway. Just forget you ever saw the thread.

Re:Huh? (1, Informative)

marcello_dl (667940) | more than 6 years ago | (#21200409)

I'd ask "what's google" next.

Re:Huh? (1)

4D6963 (933028) | more than 6 years ago | (#21200519)

What's BSD?

It stands for Bisexual Satanic Daemon. That's a service for Linux that filters packets from the internet and replaces the text from web pages with random extracts from the Satanic Bible and random occurences of '666', and replaces images with obscene pornographic depictions.

You can just ask Google if you don't believe me.

Re:Huh? (0)

Anonymous Coward | more than 6 years ago | (#21202557)

Does it use the "sexual bit" as defined in the RFC?

*BSD is dying (0, Troll)

Anonymous Coward | more than 6 years ago | (#21200331)

It is now official. Netcraft has confirmed: *BSD is dying

One more crippling bombshell hit the already beleaguered *BSD community when IDC confirmed that *BSD market share has dropped yet again, now down to less than a fraction of 1 percent of all servers. Coming on the heels of a recent Netcraft survey which plainly states that *BSD has lost more market share, this news serves to reinforce what we've known all along. *BSD is collapsing in complete disarray, as fittingly exemplified by failing dead last [samag.com] in the recent Sys Admin comprehensive networking test.

You don't need to be the Amazing Kreskin [amazingkreskin.com] to predict *BSD's future. The hand writing is on the wall: *BSD faces a bleak future. In fact there won't be any future at all for *BSD because *BSD is dying. Things are looking very bad for *BSD. As many of us are already aware, *BSD continues to lose market share. Red ink flows like a river of blood.

FreeBSD is the most endangered of them all, having lost 93% of its core developers. The sudden and unpleasant departures of long time FreeBSD developers Jordan Hubbard and Mike Smith only serve to underscore the point more clearly. There can no longer be any doubt: FreeBSD is dying.

Let's keep to the facts and look at the numbers.

OpenBSD leader Theo states that there are 7000 users of OpenBSD. How many users of NetBSD are there? Let's see. The number of OpenBSD versus NetBSD posts on Usenet is roughly in ratio of 5 to 1. Therefore there are about 7000/5 = 1400 NetBSD users. BSD/OS posts on Usenet are about half of the volume of NetBSD posts. Therefore there are about 700 users of BSD/OS. A recent article put FreeBSD at about 80 percent of the *BSD market. Therefore there are (7000+1400+700)*4 = 36400 FreeBSD users. This is consistent with the number of FreeBSD Usenet posts.

Due to the troubles of Walnut Creek, abysmal sales and so on, FreeBSD went out of business and was taken over by BSDI who sell another troubled OS. Now BSDI is also dead, its corpse turned over to yet another charnel house.

All major surveys show that *BSD has steadily declined in market share. *BSD is very sick and its long term survival prospects are very dim. If *BSD is to survive at all it will be among OS dilettante dabblers. *BSD continues to decay. Nothing short of a miracle could save it at this point in time. For all practical purposes, *BSD is dead.

Re:*BSD is dying (1)

zeromorph (1009305) | more than 6 years ago | (#21200831)

trolling is a stupid sport. copy&past trolling is even more boring.

let me be the first to say: "old post! [netbsd.org] "

4.2BSD (2, Informative)

m2943 (1140797) | more than 6 years ago | (#21200361)

Ah, that brings back memories of 4.2BSD, the first BSD with real Internet support.

(OpenBSD 4.2 seems somewhat less exciting to me.)

How dissapointing- they didn't include Xen (2, Interesting)

LukeCrawford (918758) | more than 6 years ago | (#21200375)

Christoph Egger did a OpenBSD Xen port (based on the NetBSD xen stuff) see: http://hg.recoil.org/openbsd-xen-sys.hg [recoil.org] It looked pretty promising. It's too bad they aren't going to support that platform. I've got lots of customers who'd really like a OpenBSD option.

Re:How dissapointing- they didn't include Xen (2, Informative)

e9th (652576) | more than 6 years ago | (#21200605)

Theo has strong feelings [kerneltrap.org] about virtualization.

Re:How dissapointing- they didn't include Xen (0)

Anonymous Coward | more than 6 years ago | (#21200853)

He has strong feelings about the bullshit security claims by virtualization enthusiasts, he's got nothing against Xen itself, he just doesn't believe that people can set something in front of the operating system and declare it an improvement of security, when the code of the virtualization software isn't ensured to be secure itself. In truth, a pair of OpenBSD developers work at Xensource.

Who says they "aren't going to" support it? (0)

Anonymous Coward | more than 6 years ago | (#21202479)

Its not 100% done. There's still some bugs that need dealt with. When its stable its alot more likely to be included.

Re:How dissapointing- they didn't include Xen (1)

Antique Geekmeister (740220) | more than 6 years ago | (#21204483)

Getting Theo to accept a tool, or set of tools, that are not built to the OpenBSD standard of incredible efficiency and cleanness of code is extremely unlikely: I don't think Xen is there yet.

Mind you, that cleanness of code and incredible efficiency comes at the cost of having a usable interface and key features that push people away from OpenBSD into something that will actually do the job they need done, and will do it now.

so far (0, Troll)

Anonymous Coward | more than 6 years ago | (#21200379)

some of the new kernel options are nice. for example, IS_DEAD

Request for information (2, Interesting)

cdn-programmer (468978) | more than 6 years ago | (#21200399)

I've filed a bug report on this but at this point I'm not even sure its a bug... could be a hardware issue..

If anyone is running Adaptec SCSI 2940 controllers with more than one SCSI hard drive and it works then I'd like to know... if anyone is having problems I'd like to know.

The issue is that I have one 2940 fast narrow card and it won't boot... says there is no O/S. In the same machine... swap that card out to a 2940 fast wide and it boots just fine. Perhaps this is a firmware card issue. I have so far only tested these two cards... I plan to go get a handfull more.

Next issue. With the fast wide all seems 100%. Then I start an rsync from another machine and within seconds I get a kernel panic. There is a bug report here: http://paste.lisp.org/display/49908#1 [lisp.org]

Is OpenBSD bug report # 5616

I'm not at this point asking anyone to debug this. I want to know if others have a similar setup and it works.

This machine is a Pentium I, with two fast narrow SCSI disks and in this case an AHA 2940 FW card. There is nothing else on the bus.

O/S version was 4.1 and now I can try the new version. Since OpenBSD is such a great O/S I sure would like to get to the bottom of this without wasting people's time. If we have a problem we need to know about it and potentially fix it. If its an isolated issue then I need to know this so I can shelve the hardware if in fact it is flakey hardware.

Note: With that fast wide controller... dd if=/dev/sd1 of=/dev/sd1 bs=2048 will run 100% and never glitch at all. But try that rsync on the system.. kernel panics 100% of the time within seconds.

Re:Request for information (0)

Anonymous Coward | more than 6 years ago | (#21200993)

adaptec controllers are buggy as hell. no one tries to ruin his sanity anymore by bugfixing the controllers in the driver, when adaptec doesn't want to release some documentation.

Re:Request for information (1)

cdn-programmer (468978) | more than 6 years ago | (#21203217)

I have the adaptec hardware manuals for the 2940 and other cards. Yes I have heard about bugginess.

I'm not a kernel guru and I've not written or even looked at drivers. It takes so much time to even get into this that for me I'd have to be granted another lifetime before I can get seriously involved.

One question that comes to mind is that I've personally never run into an issue with linux on similar h/w and with the same cards. Linux drivers are OSS so it would seem that any issues the linux and other *nix people might need to address are going to yield solutions for all operating systems.

If so, then for these pesky thankless driver issues perhaps a closer working relationship is in order. Perhaps driver writers could define a common group of functions which could be linked into all drivers regardless of the OS that hosts the driver. Again, since I don't write drivers I simply don't know. But why re-invent the wheel if it can be avoided. I would think an openBSD style license would be appropriate for such an undertaking.

Re:Request for information (1)

kv9 (697238) | more than 6 years ago | (#21202387)

The issue is that I have one 2940 fast narrow card and it won't boot... says there is no O/S. In the same machine... swap that card out to a 2940 fast wide and it boots just fine. Perhaps this is a firmware card issue. I have so far only tested these two cards... I plan to go get a handfull more.
I use a couple of 2940 narrow and wide "in production" under NetBSD (without problems) and sadly I cannot test this issue under Open. however, I do have anecdotal evidence of the situation you are describing being true (friends with same config as yours tried and failed to boot OpenBSD on the thing -- install works fine and so do other operating systems).

Re:Request for information (2, Funny)

Antique Geekmeister (740220) | more than 6 years ago | (#21204527)

Welcome to the (lack of) driver support for OpenBSD.

Re:Request for information (1)

Secret Rabbit (914973) | more than 6 years ago | (#21202927)

Maybe, just maybe, it'd be better to send a mail to one of the OpenBSD mailing lists. Perhaps then, you'll actually get some help.

Just a thought.

Good Desktop OS (4, Interesting)

LM741N (258038) | more than 6 years ago | (#21200451)

I know OpenBSD is renowned as a secure system, but it also is a good desktop OS. In fact, I bet it recognizes more devices than my Windoze Vista. I was pleasantly surprised the last time I tried out OpenBSD on my laptop. My only complaint is that the ports are not as comprehensive as FreeBSD. But then, maybe I should be a maintainer for one and stop complaining, lol.

Re:Good Desktop OS (-1, Troll)

Anonymous Coward | more than 6 years ago | (#21200559)

... or just get a fucking clue, that would work too.

Re:Good Desktop OS (0)

Anonymous Coward | more than 6 years ago | (#21200939)

Just FYI, "Windoze" is no longer considered a humorous variant of "Windows" by pretty much everyone. It went out with "M$", "MacInToy", "That's what she said", and practically every Flying Spaghetti Monster reference. Using "Vista" alone is enough to elicit at least a snort of derision, if not outright laughter.

Otherwise, excellent post. Minus the "lol" at the end, of course.

Re:Good Desktop OS (0)

Anonymous Coward | more than 6 years ago | (#21202741)

"I bet it's better" despite probably never knowing/looking up the relevant info? Jeeze fanboy much?

Re:Good Desktop OS (0)

Anonymous Coward | more than 6 years ago | (#21203007)

I concur. I'm typing this on an OpenBSD laptop right now. It's unfortunate how so many people hear "BSD" they jump immediately to firewalls and servers. Kind of like people used to do for Linux. It wasn't fair to Linux then and it's not fair to BSD today.

But OpenBSD has Linux beat in terms of hardware support in a number of areas (wireless, I'm looking at you). Also, you are right about Windows: sure, they have lots of third party drivers, but out of the box (as in, the stuff that MS ships with) it's not as comprehensive. I do have a Windows machine too, and more generally I have run into poor out of the box hardware support on a number of installs. With BSD, not so much.

Re:Good Desktop OS (1)

bigstrat2003 (1058574) | more than 6 years ago | (#21203433)

In fact, I bet it recognizes more devices than my Windoze Vista.
I'll take that bet. Vista's device recognition is pretty damn solid, and is, in all likelihood, going to move from "solid" to "really good" with SP1. Now, I don't know OpenBSD's device recognition rate, but, I know that Linux still isn't as good as Windows, and it would stand to reason that OpenBSD, being less popular than Linux, will have even worse support in that department.

Now to be able to afford a zillion hardware configurations to test both OSes on... ;)

Re:Good Desktop OS (0)

Anonymous Coward | more than 6 years ago | (#21203627)

You know what they say about assumptions? They make an ass out of you. OpenBSD's support is better than Linux on several platforms and in several fields, in particular it's wireless support and crypto support is superior to that of Linux.

Common device driver layer Re:Good Desktop OS (1)

cdn-programmer (468978) | more than 6 years ago | (#21204249)

I posted this on another thread... I was thinking of a less ambition approach... just common driver bug handling layer.

I wonder if it is possible for all OSS software driver writers to coordinate their efforts and develop a common driver model for all OSS operating systems.

Personally I have written hardware drivers... many years ago I wrote in assembler video drivers for ega/vga cards. After months of digging and gobs of work my conclusion is this is a thankless job... but it is a critically important job and one that those who are involved with should take a great deal of pride in their contributions.

So I ask... is it feasible to create a common device driver layer so that problems solved for one OS can be solved for all?

Stable branch, still from source only? (2, Interesting)

BlueParrot (965239) | more than 6 years ago | (#21200531)

One of the things that has put me of OpenBSD is the need to compile from source if you want to use the stable branch. I realise this is partially due to limited resources and priorities, but I would argue that this is probably one area where there is room for improvement.

In any case they have done a lot of good work. Copyleft vs OSS ideology disputes aside. ; )

Re:Stable branch, still from source only? (1)

Dan Ost (415913) | more than 6 years ago | (#21201131)

How long does it take to build the world now days?

I haven't played with OBSD for a couple of years, but I remember starting a build at night and having it done when I got up the next morning (on hardware that was, even then, considered old). I can't imagine that things haven't improved since then.

Re:Stable branch, still from source only? (1)

e9th (652576) | more than 6 years ago | (#21201677)

I do all my builds on a 4 yr old box (1.7 GHz Celeron, 256MB, ATA disks). The kernel takes about 20 mins, userland about 2.5 hours. In my case, the CPU is the bottleneck.

Re:Stable branch, still from source only? (1)

kv9 (697238) | more than 6 years ago | (#21202567)

How long does it take to build the world now days?
~10 mins for the kernel and about an hour for the userland (2xP3/933, 512M, 2x10K). and considerably more on weaker hardware (as expected).

Re:Stable branch, still from source only? (2, Informative)

kv9 (697238) | more than 6 years ago | (#21202517)

One of the things that has put me of OpenBSD is the need to compile from source if you want to use the stable branch. I realise this is partially due to limited resources and priorities, but I would argue that this is probably one area where there is room for improvement.
no you do not. stop spreading FUD. there are binary sets for multiple archs [openbsd.org] in every release. this also goes for the ports. it is clearly stated in the FAQ that if you want stable you should use binary packages. the only time when you have to compile is when you make changes to the kernel (or are tracking -current system or ports).

Re:Stable branch, still from source only? (0)

Anonymous Coward | more than 6 years ago | (#21203099)

Huh? There's no such thing as "unstable" vs "stable" in OpenBSD. There's release, which is the thing you get from the CD set or the FTP. Then there's stable which is basically release plus errata patches, and there's current which is the source tree the developers are currently working on. current does not imply unstable.

awk (0, Troll)

bytesex (112972) | more than 6 years ago | (#21200571)

Did they leave that segfaulting bug in awk in ? BSD users - replace awk with gawk as soon as you've installed it.

pf (1, Insightful)

Anonymous Coward | more than 6 years ago | (#21200613)

One of the things I love about OpenBSD is pf. It blows away iptables. Not only in functionality, but in the syntax language as well. You don't have to have a cheat sheet for pf like iptables, which lessens the chances for mistakes IMHO. Iptables syntax is extremely painful to work with in comparison.

Package auditing? (1)

saleenS281 (859657) | more than 6 years ago | (#21200629)

So have they included any sort of package auditing yet? Something along the lines of portaudit in freebsd? For those of us who don't enjoy upgrading just to upgrade, and don't want to have to monitor mailing lists to see everytime a package has an issue, is there any automated package auditing?

Never got the hang of patching it (3, Interesting)

Just Some Guy (3352) | more than 6 years ago | (#21200669)

One thing I never really figured out with OpenBSD is why errata patches [openbsd.org] are handled the way they are. Why doesn't OpenBSD offer binary updates? For example, here are the instructions to fix errata entry 009 ("Fix possible heap overflow in file(1), aka CVE-2007-1536."):

Apply by doing:
cd /usr/src
patch -p0 < 009_file.patch

And then rebuild and install file:
cd usr.bin/file
make obj
make cleandir
make depend
make
make install

Given that I installed from binary packages as do most users, and I might not even have a compiler installed, the startup cost of following those steps is fairly substantial. It seems like it would be easier for someone at OpenBSD to run those commands, see which files changed, wrap them up into a tarball, and distribute those - at least for the most popular architecture or two.

Now, I'm not saying they should do this or that they owe it to us end users to do it. I just mean that it'd be amazingly convenient with a seemingly minimal amount of extra work. Am I wrong about what would be involved?

Re:Never got the hang of patching it (1, Informative)

Anonymous Coward | more than 6 years ago | (#21201091)

It would be a pain to devote one of each arch's build machines to -stable instead of -current. It is also generally considered a stock response that an administrator should be doing the patches, so that they understand what's happening in their machine. http://blog.bsdjournal.net/ [bsdjournal.net] is the site of a guy who maintains some stable builds, perhaps you could try and get him to work more closely with the OpenBSD project and get those to become official binaries updates, but it seems unlikely.

Re:Never got the hang of patching it (1)

Just Some Guy (3352) | more than 6 years ago | (#21201631)

It would be a pain to devote one of each arch's build machines to -stable instead of -current.

Assuming FreeBSD's tools with a few options over OpenBSD's for simplicity:

  1. On release day, do a clean install onto a donated Pentium set aside for such a purpose.
  2. When a patch comes out, follow its instructions.
  3. Run:

    # cd /
    # find . -newermt '10 minutes ago' | tar -cvzT - -f /tmp/binarypatch009.tar.gz
  4. Copy that tarball to the website for mass downloading.

It is also generally considered a stock response that an administrator should be doing the patches, so that they understand what's happening in their machine.

I don't know what's on the machine in the first place beyond what the OpenBSD folks said is there; I certainly haven't audited it myself. At any rate, the output of

# cd /; tar xvzf /tmp/binarypatch009.tar.gz
on the machine being patched is a lot more grokable for most people than the output of a long patch/compile/install session.

I'm not saying that my way is "right", but it just seems like an easy step that would be greatly appreciated by a huge amount of people who otherwise just ignore patches until the next release comes along.

Re:Never got the hang of patching it (1)

funky womble (518255) | more than 6 years ago | (#21202545)

a donated Pentium
hah. You're seriously underestimating the work involved. An OpenBSD release covers around a dozen machine architectures: one donated Pentium won't cut it. And besides the machines, also needed would be additional power, cooling, another rack, *space to put all of this*, before you even start on the non-trivial amounts of time (necessarily that of a trusted developer) to prepare and test things out.

Re:Never got the hang of patching it (0)

Anonymous Coward | more than 6 years ago | (#21202963)

Indeed, Kirk, your ignorance is so significant that it's not worth giving the full details to you. You need to read.

Re:Never got the hang of patching it (1)

Just Some Guy (3352) | more than 6 years ago | (#21204489)

You're seriously underestimating the work involved. An OpenBSD release covers around a dozen machine architectures: one donated Pentium won't cut it.

I mentioned earlier that it'd be for the most popular couple of architectures. We already do this at my company for our OpenBSD machines: maintain an old beater that does nothing but track changes to -stable and package them for other local machines. It'd just be nice if there were an official parallel.

before you even start on the non-trivial amounts of time (necessarily that of a trusted developer) to prepare and test things out.

Seriously, though, why would it take more testing than rolling out just the patches? If I have foo.c and its resulting foo, and you give me foo.patch, both of us should end up with bit-identical new copies of foo afterward. Why not just give me foo so that it only has to be built on one machine instead of a million?

Re:Never got the hang of patching it (1)

rsax (603351) | more than 6 years ago | (#21201099)

I completely agree. FreeBSD started offering official binary security updates. Maybe one day OpenBSD will do the same. Until then give Radmind [umich.edu] a shot. It works beautifully for any BSD OS.

Re:Never got the hang of patching it (1)

Dan Ost (415913) | more than 6 years ago | (#21201219)

It's my understanding that the OBSD developer community is small enough that they can't tackle everything that they'd like to do between releases. This means that any new work to be done has to displace something else on the TODO list.

I actually think this is a good thing. This keeps development focus on improvements that benefit the whole OBSD community rather than on developer's pet projects.

Re:Never got the hang of patching it (0)

eclectro (227083) | more than 6 years ago | (#21201259)

Am I wrong about what would be involved?
You just don't get it, do you? BSD is *all* about security. Sure Theo could personally post a binary for download on the website. But the problem is you don't really know if Theo is the one who made the binary. It might be a site hacker for all you know.

What it boils down to is that you can't trust anyone to compile patches for you. Not Theo, your brother, or even your mom. You can not trust *anyone*.

Downloading a binary is like giving Bill G. the keys to your computer.

Re:Never got the hang of patching it (0)

Anonymous Coward | more than 6 years ago | (#21201455)

This is why god created cryptographic signatures.

P.S.
Do you audit every single source patch you fetch? I doubt you even glance at it.

Re:Never got the hang of patching it (1)

Just Some Guy (3352) | more than 6 years ago | (#21201685)

But the problem is you don't really know if Theo is the one who made the binary.

I don't really know if Theo is the one who compiled the ISO I just downloaded and installed, either. At some point there's a leap of trust.

Re:Never got the hang of patching it (0)

Anonymous Coward | more than 6 years ago | (#21202325)

you didn't download the official iso and install it.

Because... (2, Insightful)

emil (695) | more than 6 years ago | (#21201767)

...the OpenBSD philosophy is security through openness. When you receive a security patch as source code, you can see exactly what is being done. If the patch were to include a binary image, verification would be slightly more difficult.

There have been binary patch projects (I used to use one at openbsd.org.mx), but since I have resigned myself to installing a compiler and the whole of the OS source code into /usr/src, I find the binary patches to be superfluous.

OpenBSD does cling to some of the other BSD behaviors in lieu of POSIX. Default use of the long-deprecated C-Shell and old-style "ps" behavior ("ps aux" rather than "ps -ef") come to mind.

Having everything in /usr/src is really the UNIX way from the days of old. It's a shame that we moved away from this practice.

WTF are you talking about? (0)

Anonymous Coward | more than 6 years ago | (#21203403)

First of all, csh is not the default shell. Second, the use of BSD style args for ps and tar is simply allowed, not required, just like on any linux system. ps aux is the same on openbsd as it is on any popular linux distro.

Re:Because... (0)

Anonymous Coward | more than 6 years ago | (#21203541)

(Disclaimer: I'm not a BSD user, I'm a Slackware Linux user)

I don't like having extra tools on a system that doesn't need those tools, whether it's network services, or software development tools (including compilers), or anything. That's one of the biggest reasons I prefer Slackware Linux over the others. It seems silly to suggest to me to disable (or don't install) unused services yet require me to install something else that I don't need, just so that the developers don't have to recompile their code for distribution. Not everyone is, or wants to be, a software developer.

If I receive the software product in source form, patches to the source would be acceptable and appropriate.

But if I receive the software product in binary form, binary patches or a tarball of binary replacements are more appropriate. If it's "security through openness" then I am led to think that they wouldn't distribute binaries at all. Which is obviously not the case. Therefore, if you have to trust someone to provide you with binaries for the initial software load, are they suddenly not trustworthy enough to provide you with binaries for security updates?

(If you can't come up with good reasons on your own not to have a compiler when it's not needed, go ahead. Ask.)

-M

Cheap forks (1)

Caesar Tjalbo (1010523) | more than 6 years ago | (#21200785)

... all the forks ... have become much cheaper
... good news for the BSD daemon, it can now... uhm... upgrade its fork.

I can run it on ALL of my hardware (1)

thomasdz (178114) | more than 6 years ago | (#21200937)

PPC Mac, random Intel boxes, and most importantly, my collection of VAX systems can all be running the same code.
That's why I like it and use it.

what is new? the answer is... (2, Informative)

lordholm (649770) | more than 6 years ago | (#21201053)

There is a new song, as far as I am concerned, that is one of the more exciting features in OpenBSD 4.2. :)

Oh boy! (3, Funny)

rabel (531545) | more than 6 years ago | (#21201101)

basic benchmarks showed PF being twice as fast, a rewrite of the TLB shootdown code for i386 and amd64 cut the time to do a full package build by 20 percent (mostly because all the forks in configure scripts have become much cheaper)

And the bifflespaf WTF has more pargodoogen XRR! But what about the Garblerackin' snarkenlugey 533p?

Yeah, yeah, I know, it's /. so this is to be expected, but this is getting ridiculous.

Re:Oh boy! (1)

yukk (638002) | more than 6 years ago | (#21201519)

basic benchmarks showed PF being twice as fast, a rewrite of the TLB shootdown code for i386 and amd64 cut the time to do a full package build by 20 percent (mostly because all the forks in configure scripts have become much cheaper) And the bifflespaf WTF has more pargodoogen XRR! But what about the Garblerackin' snarkenlugey 533p?

I think you mean : "The badabadabingabanger button on the raidorama cuttin' on the systematicalifornication and a license application is a fishybomination and a random allocation got a copywritten melanoma sasafrazzin' wireless device". [openbsd.org]

So what? (1)

Joseph1337 (1146047) | more than 6 years ago | (#21201185)

It still hasn`t got toster support feature like NetBSD... geez, you all so easy to get excited

An Added bonus (0)

Anonymous Coward | more than 6 years ago | (#21201729)

An Added bonus to OpenBSD 4.2 is excerpts from Theo De Raadt's latest Solo Album, "Difficult"

Tracks include:

1. Buttons Are For Idiots
2. High on Glue
3. Start Saying Nasty Things
4. Your Opinions (Go Shove Them Up Your Ass)
5. Absolutely Deluded
6. Where's the beef?

Re:An Added bonus (0)

Anonymous Coward | more than 6 years ago | (#21203595)

I prefer his early work: NetBSD/sparc Whiners scale well Shut up and hack!

sp1? (5, Funny)

farkus888 (1103903) | more than 6 years ago | (#21201811)

I am thinking some of the optimizations to pf and the network stack are pretty cool but I think I will be waiting for sp1 when they have worked out all the bugs and security holes before I upgrade my machine.

But what is the cute code name? (1)

frank_adrian314159 (469671) | more than 6 years ago | (#21202201)

All the popular distros have them! How about "Demonic Deadyet"?

What's new in 4.2? I'll tell you what's new! (0)

Anonymous Coward | more than 6 years ago | (#21203861)

The OpenBSD project now offers Offical ISO files (for i386, [anonym.to] amd64 [anonym.to] as well as a bunch of minor ports) you can grab fresh off the ftp server! No need to donate or to even read the mkisofs man page any more!

Nice job, guys. (0)

Anonymous Coward | more than 6 years ago | (#21204059)

This is not only sweet, the timing is perfect. I just got in a new Soekris board and will be trying this out. The performance improvement on the networking side is amazing. OpenBSD + Soekris makes the best firewalling combo around.

And OpenBSD + Soekris + Postfix makes the best small mail server around. My spam level is down to near zero, and that's with DKIM/Domainkeys. It's rather amazing.

Many thanks to everyone who contributed.

I'll also be showing my support by buying a CD. I encourage all you use OpenBSD to do the same.

I'm just strollin' (4, Funny)

FoolsGold (1139759) | more than 6 years ago | (#21204135)

The only reason I clicked on this article is 'cos I really dig the red stylesheet for BSD news here. Reminds me of strawberries.

I assume BSD has other, more useful features though.

BSD License (2, Interesting)

Danathar (267989) | more than 6 years ago | (#21204325)

And since this is all BSD licensed code you are free to take the code, put it in your proprietary "net security appliance" making any improvements of course without giving one single improvement back.

There are SO many 1U security "black boxes" that obviously rip off OpenBSD for 95% of their product it's just pathetic. I don't recall many of them touting that they used OpenBSD or ever hearing some of the "cool" features they SAY they have ever being contributed back to the main code repository for OpenBSD.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>