Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

OpenBSD 3.9 Released

Posted by Hemos on Mon May 01, 2006 06:56 AM
from the free-willy dept.
Upgrades Operating Systems Software Announcements BSD
An anonymous reader writes "OpenBSD 3.9 was released this morning and is now available for download from the OpenBSD mirror sites. Among the new features is integrated framework for monitoring hardware sensors, a BSD licensed driver for nvidia nforce ethernet, and loads of new drivers and bug fixes. Of course you can still purchase the CD-ROM set which includes support for five platforms: i386, amd64, macppc, sparc, sparc64, and also includes the complete blob free source tree and prebuilt packages for many architectures. As always your contributions help to continue the devlopment of this great opeating system."
+ -
story
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

OpenBSD 3.9 Released 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.
  • BSD confirms it. Netcraft is dead.
  • As always your contributions [openbsd.org] help to continue the devlopment of this great opeating system."

    That sentence about should read:

    As always your contributions [openbsd.org] help to continue the devlopment of all opeating systems.

    Apple's security relies on openSSH, Microsoft service's for Unix are openBSD tools, there's traces of it all over linux. In short openBSD has made everyone's lives better - you should contribute to openBSD if you're a computer user of any sort!

    Thanks Theo - for releasing your work under a BSD license, you've allowed us all to benefit from it.
      • Not to disagree ith you but I'm a longtime Ubuntu user (since Jan 2005) and I'd like to ask: what, among the things you've listed, couldn't have been done without Linux?

        Go to the Ubuntu packages pages & search for openbsd [ubuntu.com] Two pages of results! And that's barely scrathing the surface.

        Furthermore, as someone else in this thread mentions, openBSD audits their code more thoroughly prior to inclusion in their system. Many packages used in Ubuntu (apache, x.org, etc etc etc) have bug fixes contributed back from the openBSD port.

        You're thinking I'm saying that openBSD can do something linux can't - I'm not really, its more like openBSD is the cranky old uncle of the free-unix family, telling all the youngsters to lock their doors & not walk around at night :-)

      • Re:Not to disagree with you... (Score:2, Insightful)

        by Anonymous Coward
        "longtime...(since Jan 2005)"

        LOL! This statement is just sooo linux. So you use Ubuntu, like the hordes who jumped on Gentoo when it was cool (and on Red Hat and Mandrake long before that.) The overwhelming majority of users who yell 'Linux!' at everybody are switching distros everytime a new one comes out. That's why so much effort goes in to semi-locking-in users by the package management system, a la YAST2. Keep your Ubuntu CD for another year AC, I'll bet even money you have a different distro on your m

      • How is 'since Jan 2005' a long time :) This must be a joke, but just in case...

        There's no such thing as 'the Linux compiler' (hint: GCC is a GNU tool, Linux is a kernel and NOT a GNU project). Neither GNOME nor the X Window System are 'Linux contributions'. GNOME is a GNU project born for giving an alternative to KDE (because Qt was not free at the time) and XFree86 predates Linux.

  • Dodos rejoice (Score:4, Interesting)

    by Rosco P. Coltrane (209368) on Monday May 01 2006, @07:00AM (#15236015)
    which includes support for five platforms: i386, amd64, macppc, sparc, sparc64

    at least you'll be able to do something with your old mac when Apple is done switching and pulls the plug on ppc support for good...
    • which includes support for five platforms: i386, amd64, macppc, sparc, sparc64

      So, is this going to make OpenBSD a new target for viruses? Someone better tell Theo!

    • That is hardly going to happen any time soon. There is really no reason for them to stop supporting PPC, as there will be many PPC users still after 5 years. That being said, there will be a time when your PPC won't run the newest OS X anymore. Still, I am sure that the most recent version available will still be ahead of OpenBSD, when it comes to desktop use. If you are talking about servers, then you might have a point...

  • Rock Solid Already (Score:5, Informative)

    by Anonymous Coward on Monday May 01 2006, @07:02AM (#15236019)
    Actually the CDs have been shipped for those that preordered, I got mine a couple fo weeks ago. The best thing, it just installs like a dream. I tried setting it up inside a VMware Workstation, took all of about 5 minutes from the CD.

    I also made my first donation to OpenBSD for a long time, to keep it going, since I use OpenSSH every day, infact my job depends on it.

    • Re:Rock Solid Already (Score:4, Interesting)

      by pimpimpim (811140) on Monday May 01 2006, @03:03PM (#15239913)
      I've always had the easiest installs with openbsd, on a rather exotic motherboard with via C3 processor, I got my sound, video, IBM rapid access keyboard with all extra keys, etc working directly from install. I never had this with any linux version I tried. For the things I want to do: edit files, run a (web)server, listen to music, watch videos, OpenBSD gives me more than enough.

      So to me, OpenBSD is just a Good Thing (R) from a practical point of view. I don't bother to have the latest version of everything, but I'm happy when things "just work" ;) and you can trust that they are solid and safe.

  • Have my CDs already (Score:4, Insightful)

    by grub (11606) <slashdot@grub.net> on Monday May 01 2006, @07:07AM (#15236036) Homepage Journal

    Installed on an AMD64X2-3800. zoom Had to compile -current for something but I'm in the minority.

    Order the CDs and make a donation today, you cheap bastards!
  • "help to continue the devlopment of this great opeating system."

    1. Spel checkr.
    2. Full LRF support.
    3. There is no third thing.
    4. Universal Binary.

  • Torrents! (Score:5, Informative)

    by Gandalf360 (194169) on Monday May 01 2006, @07:31AM (#15236106) Homepage
    Before the weight of the collective slashdot effect kills the main BSD servers, check out the bit torrents that are located here: http://openbsd.somedomain.net/ [somedomain.net]

    • First of all, I am not a user of *BSD, although I do appreciate their goals. I am a Debian [debian.org] user and have been one for quite some time now.

      One fact to appreciate about Debian is that it is loosing its ties to the Linux kernel [kernel.org] and becoming more and more general, now including even BSD efforts (like the kfreebsd5 [debian.org] port).

      So, even though I am a Debian user, I have this secret appreciation for all the work that the BSD people have done and continue to do and I am downloading the OpenBSD release from the torren

  • Only OpenBSD supported my wireless card (Score:5, Interesting)

    by dildo (250211) on Monday May 01 2006, @10:04AM (#15237058)
    After two weeks of attempting to get the various crappy beta-quality drivers to work on linux, I switched to OpenBSD to find that it supported my wireless card perfectly. (I have a PPC machine, so ndiswrapper was not an option.)

    Installing was also easy. If you have a little patience and are not afraid of a text-only install, starting OpenBSD was very easy.

    I like this operating system. The man files are comprehensive and well written, and even a person with limited technical experience (me) was able to get everything working fairly quickly.

    • Hear hear.

      I've had numerous similar experiences with it over the years, and its elegant simplicity is always what wins me over in the end. Linux casts a wide net, and tries to be all things to all people, with the consequence that with things like driver support, it so frequently ends up being an ugly hack. Whereas with OpenBSD, if the hardware is supported, it works beautifully - wireless is a particularly good example of this.

      I know that elsewhere on these pages I have likened OpenBSD (as a UNIX) to M
    • IMHO, the best idea OpenBSD brings to the table is that drivers for ALL supported hardware are included, and will be automatically enabled on boot-up. That means you can take a hard drive with OpenBSD on it, from one system to another, and not need to do any reconfiguration at all. It will automatically use the highest ATA mode possible, probing the new USB2 card for devices, etc.

      The exceptions being X11 (if you're using it), and your IP addresses (if you aren't using DHCP, PPP, PPPoE, etc).

      Swap soundcard
      • See this article [informit.com]:

        In OpenBSD, the UNIX manual pages are considered authoritative. If a program or function call does not behave exactly as the manual describes, this is considered a bug. This is reflected in the development process, which does not allow any code that result in a user-visible change to be committed to the tree without an accompanying update to the documentation.

        So if something in the base install does not work as documented, report it. Bug reporting instructions are here. [openbsd.org]

  • 3.9 adds Zaurus remote control (zrc) support.
    info: http://www.openbsd.org/cgi-bin/man.cgi?query=zrc&s ektion=4&arch=zaurus [openbsd.org]
  • This article (and release) are excellent timing for me. My latest project is building a firewall to replace our SonicWALL with an OpenBSD system. I need to make a hardware recommendation for something that can:
    • Support at least four NICs (WAN, LAN, DMZ, wireless), with gig-eth between the LAN and DMZ.
    • Terminate three or four OpenVPN tunnels over a 3 Mbit connection.
    • Run Snort (not strictly necessary, but would be a nice bonus).
    • Ideally fit in 1U of rack.

    I'm having a hard time with this. This

    • eRacks [eracks.com] and Hawk [hawk.com] are two of the commonly-suggested vendors that sell machines with hardware specifically chosen for OpenBSD compat (and will even pre-install, if that's your thing). I'd suggest any 1U generic box built in the last 5 years with 512-1024MB of RAM. Good NICs are going to be more important than CPU (fxp(4) is a good choice; see the misc@openbsd.org archives, since this question comes up regularly). Either of the above vendors (or others; check Google for "openbsd rackmount server") should be abl

  • BSD licensed nve driver? (Score:3, Informative)

    by toadlife (301863) on Monday May 01 2006, @12:05PM (#15238217) Journal
    "a BSD licensed driver for nvidia nforce ethernet"

    PLEASE, for love of Beastie, port this over to FreeBSD. The existing nve driver in FreeBSD is a POS.
  • Can I finally use carp on a transparent bridge?

    The carp man page says something about not needing an IP anymore if you specify carpdev, but I haven't found any relevant examples. I'm in the middle of setting up two 3.9 boxes to try making it work.

    • Re:architectures? (Score:4, Interesting)

      by The Tyrant (472050) on Monday May 01 2006, @07:47AM (#15236173)
      OpenBSD has excelent Sparc support, and I for one am very happy about it, Sparcs make excelent firewalls and servers for small environments, mine currently has a quad fast ethernet card in the back thus meaning I dont need an extra hub in the server cupboard (just the four rooms it connects to) and combined with OpenBSD's excelent packet filter and rock solid security (which is even stronger on sparc since it can take advantage of quirks of the archetecture to defend against some attacks better) it makes an ideal server for me, runs nicely and doesn't even push the sparc that hard.

      Joke or otherwise, Sparcs are awesome machines (for some roles), and OpenBSD is an awesome system.

      • Re:architectures? (Score:2, Insightful)

        by Anonymous Coward
        rock solid security (which is even stronger on sparc since it can take advantage of quirks of the archetecture to defend against some attacks better)

        With sparc64 you can use the sparc quirks and also the security mechanisms intentionally built into the sparc64's, which the sparc's lack.

        sparc64 seems to be the best platform of all to employ the highest security with OpenBSD.

        What a shame Sun are such a bunch of a-holes with their pseudo "open source friendly" stance. They open up the specs and design to their
    • Take a look at the OpenBSD rack [openbsd.org] in Theo's basement, and you will see how popular SPARC32 kit is with the devs - I counted 5 machines in total.
    • What about Niagara [sun.com]?

      Unfortunately, last I heard, Sun was being their usual selves and hiding key architectural details (e.g., chipset stuff) that are holding up the porting effort.

      That was about a month or so ago -- hopefully Sun have decided to open up by now ...
    • I'm glad they support Sparc, as Solaris is no longer supported and Linux has some serious problems on Sparc systems. The old Sparc hardware is very reliable and neat and OpenBSD makes a nice replacement for Solaris.
    • There's TEPATCHE for binary updates.http://www.gwolf.org/soft/tepatche/ [gwolf.org]
      I don't see Theo and all supporting binary updates. And this, I think, because of the security goal. But I may be wrong. For instance, remember when Debian's servers were cracked (about 1 1/2 year ago, AFAIK)? What if you installed a binary with malicious code?

      But in fact, why don't they officially support binary updates? What's the "official" answer on this issue?

      At least, that seems like a reasonable motivation. OTOH, system administra
      • Ooops, sorry. Tepatche is not about binary updates.
      • What if you installed a binary with malicious code?

        Given that none of the install packages on the main or mirror sites are signed, there's no more exposure from downloading a (possibly hacked) binary patch than from downloading a (possible hacked) installer. And if they adopted the practice of signing the installer, then they could also sign the patches.

        I don't buy the idea that it's harder to securely distribute patches than it is the base system. Furthermore, I don't recall ever hearing any of the O

    • If you can afford another OpenBSD box for building patches you can use binpatch [sourceforge.net].

      • Why are you wasting time in IE doing MS updates? That's what WSUS is for.

        Most of my OpenBSD boxes are IP-less firewalls, so usually I don't really worry about patching them until the next release comes out.

      • Frankly, this is crap. 10GB drive and you can't maintain a source tree???

        I could maintain a lot of stuff in 10GB, but given the sensitive nature of most OpenBSD installations (such as firewalls, etc.), GCC is not among the things I want to have around.

        According to the FAQ [openbsd.org], three file sets are required for installation:

        • bsd
        • baseXX.tgz
        • etcXX.tgz

        Although that gets you a complete running system, it doesn't leave you with one that can self-host source updates. Given that I run exactly one OpenBSD machine at the office, I don't want to have a separate build server sitting around just to keep it updated. So, even though I have the hardware to support the process, and the technical skills to do so, it's still a major pain in the neck.

        Oh, and to those saying I should just install snapshots, the FAQ says: [openbsd.org]

        Between formal releases of OpenBSD, snapshots are made available through the FTP sites. As the name implies, these are builds of whatever code is in the tree at the instant the builder grabbed a copy of the code for that particular platform. Remember, on some platforms, it may be DAYS before the snapshot build is completed and put out for distribution. There is no promise that the snapshots are completely functional, or even install.
        Elsewhere on the site are other discouraging words [openbsd.org]:

        • /pub/OpenBSD/snapshots/
          For our major architectures, we tend to build mini releases of unknown stability and quality about every month or so. This is where we place those test releases.

        Ain't no way I'm going to tell my boss that my security update process involves "mini releases of unknown stability and quality". That is why I'd like to see "baseXX-r1.tgz" at ftp.openbsd.bsd (and it's mirrors) that holds nothing but the 3 or 4 binaries I'd need to upgrade on a stock system to bring it up to date. I'm not stupid or broke - just very time-challenged. I'd be happy to pay for a subscription to such a service were one available.

        • Anyone recomending you install a snapshot on a production machine is an idiot.

          There is binpatch out there but it requires you to have a build machine and roll the patches yourself. I'm not aware of anyone one rolling updates and making them available publicly. Be a nice contribution for someone with a little time to do it.

        • I could maintain a lot of stuff in 10GB, but given the sensitive nature of most OpenBSD installations (such as firewalls, etc.), GCC is not among the things I want to have around.

          Kill this goddammed myth already...

          Removing programs from your hard drive can't POSSIBLY make your machine any more secure. Taking the SUID/SGID bit off can, but that's a bit different, and programs like GCC aren't SUID, anyhow.

          It's absolutely ridiculous to assume an intruder NEEDS you to install GCC for him. He can quite easily

          • It's absolutely ridiculous to assume an intruder NEEDS you to install GCC for him. He can quite easily install OpenBSD on his own hardware and compile the code there, transfering the binary to your box. Or he can install whatever dev tools he wants, once he has root on your box.

            I'm first going on the assumption that the attacker only has regular user access. If he has root, then all is lost (well, not completely [openbsd.org], but still...). Regular users, though, might find it a bit annoying to not have any includes

          • Ive got a number of systems with just 6gb or less of hdd space, and I have plenty of room to build the tree. You only need around 1500Mb spare on /usr.

            So you missed the entire point of my post, that I don't want GCC on my firewall, and that I don't want to maintain a build machine for the sole purpose of keeping that firewall server up to date? Re-read what I said.

                  • Jacek Artymiak explicitly states (no less than three times) in his book, Building Firewalls with OpenBSD and PF, Second Edition [openbsd.org], that you shouldn't install source code and a compiler on your pf box (firewall). To quote him from page 71, "There is just too much possible risk" in doing so. While he doesn't go into the minutiae of the consequences, one can guess that if the pf box were compromised, you are giving the attacker everything he/she needs to own your box. I recommend you read his book and refer to p
    • 1) qmail and djbdns don't have licenses, they have rants
      2) the license rants are not free for openbsd to use
      3) there is nothing wrong with sendmail and bind
      4) nothing prevents you from downloading and installing qmail and djbdns

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.