Forgot your password?
typodupeerror
BSD Operating Systems

OpenBSD 3.0 Release, Interview with Theo 307

Posted by michael
from the wuftpd-not-installed-by-default dept.
mvw writes: "Here is an interview with OpenBSD's Theo de Raadt. Interesting is his comment on Soft Updates and the comparison to the rivaling Journaling file systems technology. Further he links to a very interesting paper by some Soft Updates researchers." And although OpenBSD 3.0 has an "official" release date of December 1 for whatever reason, it seems to be available by FTP or CD already. Lots of changes since 2.9.
This discussion has been archived. No new comments can be posted.

OpenBSD 3.0 Release, Interview with Theo

Comments Filter:
  • As much as I accidently hit the stupid reset button on the front of my computer a Journaling file system would be great. I dont have any exp. with Bsd and was wondering How is the selection of applications for BSD? I dont need alot, A console text editor (Preferably with syntax highlighting), a Graphical Web Browser, an Mp3 player. That is about all I really use on a regular basis.
    • Most things that compile for Linux will work under BSD.

      So vim and emacs work, mozilla works, and whatever MP3 player you want will work.
    • by ^chuck^ (131444) on Thursday November 29, 2001 @01:52PM (#2632259) Homepage Journal
      sigh, its been well explained that you don't need a journaling filesystem to be safe with transfering data to the harddrive. In fact, if you're clever enough, you can even get away safely writing without having to hold the entire system up (hence, softupdates). If you actually look through the interview, you'll find Theo actually pointing you to resources that quite seriously make this point (journaling not needed).
      take a look at this [theaimsgroup.com]
      it can be frustrating being right, all journaling really seems to do is attempt to fix the problems ext2fs has by laying another piece of code on top of it, instead of fixing the primary problem, that is that ext2 is broken as far as the BSD hackers are concerned.
      Is waiting for fsck to finish really that much of a problem for you?
      • by greygent (523713) on Thursday November 29, 2001 @02:26PM (#2632514) Homepage
        > Is waiting for fsck to finish really that much of a problem for you?

        Yes, actually, when you're dealing with servers with 100's of gigs.
        • Re:As much as I (Score:2, Informative)

          by Anonymous Coward
          I understood the article that part of the repair work can be done after mounting the soft updates fs.
        • So this server with 100's of gigs...

          You just pull the plug when you need to reboot? Or this "vital" server doesn't have a UPS?

          If you're running OpenBSD, is it safe to assume you know to shut the machine down cleanly and to have UPSes on servers?

          Isn't this whole discussion related to the fact that power suddely dies or the like? If only the drive fails you're screwed anyways (but this server does have a fault-tolerant RAID card right?).
      • The expert opinion: http://kt.zork.net/kernel-traffic/kt20000814_80.ht ml#1 [zork.net]

        I've been excited about the TUX2 filesystem ever since I heard of this. I hope this is the default for 2.5 - 2.6 barring some unforeseen problem.

        -l

      • it can be frustrating being right, all journaling really seems to do is attempt to fix the problems ext2fs has by laying another piece of code on top of it, instead of fixing the primary problem, that is that ext2 is broken as far as the BSD hackers are concerned.

        Journalling is one solution to the problem, and soft updates is another. Each is worthwhile within its own contexts.

        A solution analogous to soft updates is coming with the tux2 file system from Daniel Phillips, which uses ordered writes to ensure the integrity of a file system, as soft updates does. BTW, I'd find it REALLY interesting if a BSD filesystem hacker ACTUALLY said ext3 was broken because it used journalling and not ordered writes. I think you are just creating controversy where none exists.

        Journalling keeps a near synchronous log of inconsistencies between the file system on disk and the one in the VM. This allows crashes to be reconstructed to a consistent state. Soft updates simply groups the inconsistencies and writes them in a particular order that ensures the consistent state can be restored after a crash. Each is faster under sets of circumstances, each can be slower under others. Linux will have both fairly soon. I personally think ordered writes is a more elegant solution, but either seems to solve the problem reasonably.
      • I had to reformat my disk and lose some data when my linux box froze and I had to reboot. The filesystem was so corrupted that fsck couldn't fix it. Thats some serious stuff. Thank god it wasn't a server. A journaling filesystem maes sense in situations like this. Also fsck can take many hours on a huge file server in a raid configuration. I have seen Novel and NT take as long as 4 to 5 hours to do a disk scan on a large volume. As an admin your job would be on the line for a downtime that long. For servers a journaling filesystem is a must have. I bet its the reason why Windows2000 sales are so big. Sure it may not be as rock solid as unix but downtime can be fixed by a reboot. yes, mission critical Microsoft servers are actually rebooted on purpose to prevent downtime. :-)

        But with clustering and a journaling filesystem its not a big deal.

      • I dont *want* to wait, I want my computer booted *now*. I dont want to wait for it to power down. I dont want to wait for it to power up. When the trivial bit of code main() { while (1) fork(); } run from userland can cause me to need to hit the reset switch I dont wanna lose data and I dont wanna have to wait for 15 minutes for it to boot back up.
    • There is very little that linux runs that won't run on *BSD. Those that won't run are most likely baddly written programs that you don't want on your comptuer anyway, if you need those features write a new program without all the bugs. The exceptions are there might be a few closed soruce apps which don't work right in linux emulation (most of them work), programs which deal directly with the kernel on a low level (which should not be portable, though there should be an equivelent for your OS), and programs that reqire hardware or hardware access. (Wine for instance requires user access to LDT, whatever that is, which isn't enabled, in this case easy to enable, though there might be others)

      By and large though a program that runs on linux that won't compile and run for *bsd is not a program you should allow on linux. Any programer who can't write portable code, has probably made a lot of other stupid errors what will bite you. Be careful to seperate unportable code from portable code that hasn't been ported yet. A program that only runs on one OS is likely the former and you shouldn't touch it, while a program that runs on several OSes but hasn't been ported to yours could be well written and just in need of minor adjustments to work right.

    • You might want to look into the /usr/ports tree for starters. It's all there. It's a no brainer. Start your reading at one of the BSD portals and you'll find all you're looking for.

      It's really a non-issue.

      PS: Plus, FreeBSD has a really decent Linux emulation which works around all cases where you can't find the native stuff for some reason (proprietary vendor binaries etc).

  • by InterruptDescriptorT (531083) on Thursday November 29, 2001 @01:33PM (#2632107) Homepage
    SECURITY FIX: fix buffer overflow reading queue file in lpd

    For those running OpenBSD, especially as a gateway/firewall/NAT box, this is an important fix. I am running 2.9 with this patch added, and my snort [snort.org] logs tell me (judging from the number of attempts) that this exploit is a fairly commonly tried one. In November alone, there were at least 30 lpd overflow attempts on my machine. Granted, not most people have lpd open to the world, but I can imagine a few people might want to do remote printing from work, etc.
    • by smack.addict (116174) on Thursday November 29, 2001 @02:48PM (#2632669)
      Why in the name of all that is holy would anyone have lpd running on a firewall?

      • yum. sorry, I can't resist.

        1) logging to paper; so the cracker can't totally erase his trail

        2) backup to paper; so you have some recourse if your system config is massively hosed AND your magnetic media is toast

        and, wait for it...
        3) SWAPPING to paper; because you can! (just point your swapfile at /dev/ocr ) and more importantly, to score extra points on the C purity test.
        • 1) logging to paper; so the cracker can't totally erase his trail

          That doesn't require lpd. Just add the line printer's device name as an additional target in syslog.conf.

          Or run a teletype console, and log everything important to the console. (I've actually seen a setup that used that. In production. In 1996.)

          Even if you do use the Unix print spooling subsystem on your firewall, you should not have the lpd port (515/tcp) open on the public network interface(s).

    • They're still saying "Four years without a remote hole in the default install!"

      Isn't it a bit disingenuous to say this? Yes, it's true that the default install doesn't start lpd, but it certainly installs it.
  • Fixes (Score:3, Informative)

    by jeriqo (530691) <jeriqo@unisson.COMMAorg minus punct> on Thursday November 29, 2001 @01:37PM (#2632138)
    Actually, OpenBSD 3.0 was available for download since nov 25th, and a few patches (security fixes) are already available.
    Here is the list: http://www.openbsd.org/errata.html [openbsd.org]

    Don't forget to update to OpenSSH 3.0.1

    -J
  • Release Date (Score:3, Interesting)

    by Accipiter (8228) on Thursday November 29, 2001 @01:37PM (#2632139)
    And although OpenBSD 3.0 has an "official" release date of December 1 for whatever reason, it seems to be available by FTP or CD already.

    Probably because they want to avoid a fiasco like the last tremendous release mess that michael caused [slashdot.org].

    It's not uncommon for "official" releases to be after the initial release. It's like when a large department store has a "GRAND OPENING". In many cases, the GRAND OPENING is about a week after the store actually opens. Or if the store opens during the week, the GRAND OPENING will be on that weekend.
    • Re:Release Date (Score:1, Offtopic)

      by gmhowell (26755)
      Does anyone have a mirror of the GET-A-CLUE-SLASHDOT.TXT?

      And I see that yet again, criticism of slashdot is modded into oblivion.
      • Here's the text from that file:

        Slackware 7.2 is NOT released.

        Is this in the slackware-current, or slackware-7.2 directory?

        Looks like slackware-current to me.

        Wake up, do some REAL reporting (like, ask someone on our team), and stop trying to get "fp!".

        ...should be about a month for the actual release.

        - Pat

        (I wish I could find the reply to michael's ascertation of it being a beta, aptly named "THIS_IS_NOT_A_BETA_EITHER.TXT, but that seems to have been lost in the sands of time.)
  • by Gopher (24294) on Thursday November 29, 2001 @01:39PM (#2632153) Homepage
    As I sit here waiting for my copy of OpenBSD 3.0 to arrive, I've been reading the exchange of emails between Theo and the NetBSD core team, which is a history of how OpenBSD came to be.

    If you haven't read them before, it's quite a read, and a good lesson of how personal politics can fragment a collaborative project.

    Here's the link: http://zeus.theos.com/deraadt/coremail [theos.com]

    • by Syberghost (10557) <syberghost&syberghost,com> on Thursday November 29, 2001 @02:01PM (#2632322) Homepage
      What was amazing to me about them is the fact that Theo proudly links to them as proof that he was being entirely reasonable and they were being discriminatory, but the emails show quite clearly that he was completely unwilling to make a simple promise not to be an asshole after having demonstrated a history of pissing people off.

      He's got a right to be an asshole, and god knows I'm the pot calling the kettle black, but to link to those emails and think they provide vindication is heavily disconnected from reality.
      • I think Theo's abrasive nature is just that--his nature. He isn't willing to change his way of dealing with people.

        Often I'll wish people would just simply way what they think, with no prevarication; and when somebody (like Theo) does exactly that, I get squeamish all of a sudden. "Ooh, I can't believe he said that..."

        Theo has a habit of speaking his mind. Dealing with him is probably a chore, but a worthwhile one.

        • Well I guess it's lucky for him he came up with OpenBSD. Otherwise it sounds like he would just be another asshole to hate.

          I run OpenBSD and I'm not trying to put Theo down in any way. I'm only making an observation off of what I have been reading.
          • by rho (6063)

            Well, an asshole with a good gift for programming (at least to my uneducated eye). The work Theo and the other OpenBSD team members have done is good stuff. I, too, am an OpenBSD user.

            I went back and re-read the whole mail archive again, and I don't see from where you derived this label as an asshole. A significant portion of the archive were messages from Theo exclaiming or proclaiming some bit of hackery he had done to further the sparc port. These were interspersed with messages from core members asking again and again, "will you promise to do items 1, 2, and 3", with Theo replying again and again, "yes, I will, can I have cvs access again?" to, apparently deaf ears. There were plenty of dirty sphincters to go around; I wouldn't be so quick as to fling one on Theo's back.

            Actually, I'll give Theo some credit here: I would have left in much less time and found other diversions. I have less patience (if more tact) than Theo does.

        • Dealing with him is probably a chore, but a worthwhile one.

          Are you volunteering?

      • by aussersterne (212916) on Thursday November 29, 2001 @04:26PM (#2633148) Homepage
        I read them and got exactly the opposite view. It sounded to me like he was a regular guy getting the shaft and not wanting to take it lying down. And that little clip from IRC where he said:

        Then I guess you are just stupid.

        That made me laugh like mad. I love it. Sounds like me. Sounds like my friends. Hey, he cycles. He caves. He founds OpenBSD. He speaks his mind. He has a sense of humor. He sounds cool, not like an asshole at all.

        Some of the other people I was reading... Like the guy who kept on about professionalism and representing your organization, even in private e-mail... sound like pricks/assholes to me. I've had to deal with people like that -- people who feel like the dollars and the "drive to succeed" are all that matter and that individuality and honesty have no place in America.

        But then, I will never sell me soul to my employer or anyone else, no matter how much cash or recognition it would get me. Guess that makes me a commie. ;) Of course, the whole open-source world has been accused of being nothing more than a communist plot...

        Rant, rant, yaddah, yadda...

        I dig Theo. OpenBSD just scored personality points in my book.
        • I dig Theo. OpenBSD just scored personality points in my book.

          You know, I agree completely. I'd been wary of Theo, for a lot of the reasons that most everybody else is - he seemed like a jerk, uncompromising, and so on, all because of the attitude the community [Slashdot] takes toward him.

          But that article, and interview, really puts him in a new light. He doesn't take any crap, but he seems like a nice guy, he seems like he's got a sense of humor, and he certainly does live the coding life he wants to. I especially liked the Rock-Star Operating System lifestyle comment.

          This was a great interview to post.

        • by scrytch (9198)
          Then I guess you are just stupid.

          That made me laugh like mad. I love it. Sounds like me. Sounds like my friends. Hey, he cycles. He caves. He founds OpenBSD. He speaks his mind. He has a sense of humor. He sounds cool, not like an asshole at all.


          This sort of social stuntedness is what you find novel, fresh, and daring? Cripes, it's just the typical petulance one normally comes to expect from this guy. Churchill could be quite an asshole, but he had style (e.g. "when I wake up, I'll be sober") Theo's an organizational genius, not a half bad coder, he's probably even nice to his own team ... but he is not only utterly intolerant, he is vindictive, and it's precisely why NetBSD gave him the boot.

          There are a lot of stupid people out there. Most of them aren't even worth dealing with. But it certainly doesn't make one an iconoclast to throwing around petty insults to prop up one's feelings of superiority. It makes for a pathetic maladjusted loner ... or for those who have to witness this behavior day after day, just an asshole.

    • Pretty impressive reading. It reads as a bunch of guys on the NetBSD front being pretty reasonable and just wanting him to stop behaving like a prat. His response is to throw his toys out the pram and storm off in a huff.

      Full credit to him for getting this sort of stuff done, but I hope he has grown up since then.
    • by dghcasp (459766) on Thursday November 29, 2001 @03:07PM (#2632813)
      Notably absent from the email exchange are any of the emails, ICB logs, or anything that show the basis for the whole problem.

      Basically, Theo had a history of being abusive and petty to anyone who didn't meet his standards of cluefulness. He pretty much admits this himself in the interview. This was alienating a large number of NetBSD developers who ended up leaving the project (I was one of them.)

      The Core team repeatedly asked him to tone it down; their feeling seemed more of a "anyone who wants to help with NetBSD will be welcome," instead of "You must be this elite to code NetBSD." Theo maintained that he was doing nothing wrong.

      Eventually, they shut Theo down, which is where the email thread starts. A large part of the thread deals with Theo's requests to regain CVS access. The Core group was willing to submit his code as patches themselves, but Theo would only submit code if he could have CVS write access. Core was worried that Theo might decide to get "revenge" by damaging the CVS tree; This might seem worry-warting, except they all knew that Theo had been previously fired from a SysAdmin job at the U of C for doing something like that.

      Eventually, Theo started OpenBSD and now has his own sandbox where nobody can tell him what to do. In the end, I guess that's good, because both OpenBSD and NetBSD regularly crib from each other's trees anyways and people now get the choice of whether they want to deal with Theo or not.

      • Theo had a history of being abusive and petty to anyone who didn't meet his standards of cluefulness. He pretty much admits this himself in the interview. This was alienating a large number of NetBSD developers who ended up leaving the project (I was one of them.)

        So YOU were the one that took your toys and went home, and HE was the one you consider PETTY. I think that was a very telling statement on your part.

        Core was worried that Theo might decide to get "revenge" by damaging the CVS tree; This might seem worry-warting, except they all knew that Theo had been previously fired from a SysAdmin job at the U of C for doing something like that.

        If they were worried about him destroying the CVS tree, then why were they all very willing to give his CVS access back? It's all in the archives, there was not a single objection to giving him full CVS access after it had once been revoked.

        Secondly, if you wish to claim that Theo had done something similiar, I would expect proof to back it up.

        If you want my oppinion on the matter, after Theo had be thrown out, he was being told to jump through hoops, several of which he did, only to be told to jump through more. If I was in his situation, I would have gotten fed-up with the political crap as well.

        Finally, I believe his story completely because he has documentation of it, publicly available evidence (discussions on NetBSD mailing lists) supported it, and personal experiences of mine have shown him to be perhaps blunt (this report will be ignored until you learn how to properly report a bug, etc) but never abusive. Of course, reality has a tendency to bruise gigantic egos.

        • So YOU were the one that took your toys and went home, and HE was the one you consider PETTY.


          That's like calling an abused wife who leaves her husband a quitter.

          He got tired of being abused, and he left. Theo was asked to do something pretty damn simple; promise not to abuse people anymore. If you can't promise not to do that, there's something wrong with you.
          • He got tired of being abused, and he left.


            I have never run into a developer (or core member) that seeks out other developers to abuse them. If that developer thought Theo was abusive, then he simply should have avoided contact with Theo.


            Interestingly enough, it is mentioned in the article that it wasn't until recently that Theo discovered the 'real' reason he was kicked out. I would a) be interested in knowing what he believes the reasons are, and b) how he found out this supposedly secret motivation.


            Theo was asked to do something pretty damn simple; promise not to abuse people anymore.


            If I ever had secrative action taken against me (access instantly revoked without warning, punished based on charges that I could not challenge, made by an accuser I was not allowed to face) I wouldn't even do as much as Theo did... So I suggest you get off your 'Theo is evil' kick unless you really want to discuss who was really being the ass.

  • Poof! the old vm disappears
  • I think it is an established habits that releases happen on 1st Dec and 1 June every year.

    On the plus side, you don't have to answer to the question "when will be the next release" ...
    • Most relevently is that int's only really in the month or so after a release (rather, the month starting a couple of weeks after a release) that Theo gets a holiday.

      With that in mind, the Dec 1st release date was obvious.
  • MandrakeBSD? (Score:5, Insightful)

    by timothy (36799) on Thursday November 29, 2001 @01:51PM (#2632253) Homepage Journal
    a) Theo and company (good company) don't need or seek new users just to be popular. They like doing what they do -- I know that. Don't take what I'm about to say as marketing advice to them, so much as a pleasant wish. It doesn't impose an obligation or demand on the OpenBSD guys, and I know it. Still ...

    b) I'm surprised (not to say hurt, disappointed and disconsolate) that no one (am I wrong?) has come out with the equivalent of Mandrake to at least one of the BSDs -- and by equivalent I mean in a certain superficial but important way: user-friendly, pretty install, emphasis on user experience, intelligibility.

    c) Really, I'm just talking about the install. Something with some graphical flair, built-in help system for new users, and a game or two, or a little slideshow, or some interesting history text files, *something* built in to play while slow parts of the install proceed. No accounting for taste, but I think there are a lot of good graphic artists (all the Ximian stuff, for instance, and many great KDE examples) working in the world of free software. (Hey, I also like the BSD art, so obviously I am open for attack by the art critics;)).

    I name Mandrake as my prototype here, just because I happen to like their stuff -- RH also makes a pretty install, not quite as cute, and so do several other distros. But Mandrake is in Walmart, which suits my example ("Walmart: making things accessable to the masses")

    Cheers,

    Tim
    • I've said it before, and I'll say it again:

      I think if the unix trend continues and Microsoft (/.'s favorite punchingbag) wants to dip their toe into the market they may do exactly as you say.

      They have a BSD licenced code base to build off, can claim it's "Linux compatible" and would be able to say its one of the safest OS cores around. Make it a little pretty, make some changes to intergrate their products and they're in business.

      Pie in the sky thinking of course, but I wouldn't doubt if there's a skunkworks somewhere in Redmond playing around with one of the BSDs in such a fashion, just in (the one in a billion) case.
      • But Windows NT is *kinda* that deal. Granted it is not OpenBSD based, but the NT kinda rose from the ashes of VMS. Not linux compatible, but still a sort of *nix aimed directly at competitors.
        • Re:MandrakeBSD? (Score:4, Insightful)

          by Jason Earl (1894) on Thursday November 29, 2001 @05:20PM (#2633449) Homepage Journal

          VMS is the original anti-UNIX. It later added some general POSIXy behaviour simply because everyone was using UNIX. Windows NT also had the stated goal of becoming "a better UNIX than UNIX," but they certainly haven't spent much time actually trying to be Unix compatible. Their POSIX layer is a joke, and they don't even have a decent way to fork() for crying out loud.

          Besides, while Microsoft almost certainly is looking into "borrowing" portions of BSD code (which will then magically become innovative), they aren't ever likely to actually release an OS that is Unix like. Part of the fun of the BSDs, Linux, and Commercial Unixen is that it usually isn't too much trouble to port your software from one of these platforms to a different one. This is precisely what Microsoft wants to avoid. Microsoft wants the equivalent of a one way valve when it comes to software portability. They want for it to be easy to port from Unix to Windows, but they want it to be impossible to port from Windows to Unix. Clearly shifting to a BSD based OS would work against them.

    • Re:MandrakeBSD? (Score:3, Insightful)

      by wiredog (43288)
      Why? Mandrake is aimed straight at the Desktop. RedHat aims at Windows NT users. The BSD's aim at unix sysadmins who Know What They Are Doing. Open/Free/Net don't need a User Friendly graphical install interface because their current interface is friendly to the users they aim at.
      • Open/Free/Net don't need a User Friendly graphical install interface because their current interface is friendly to the users they aim at.

        And yet, the other OSes that aim at those same users, such as Solaris, AIX, and HP/UX, do have GUI installs.
      • That's a funny attitude to take. An install with an graphics mode would do much to dispell the image of BSD as a niche OS. And seeing as both FreeBSD and OpenBSD are commercial products, one would think that their repective owners would be keen to broaden their appeal.


        Besides, adding GUI doesn't necessarily represent a "dumbing down" of the product. The installer can still ask the same questions, but in a more user friendly manner.

        • Re:MandrakeBSD? (Score:2, Interesting)

          by Arandir (19206)
          The installer can still ask the same questions, but in a more user friendly manner.

          Why does a "more user friendly" installer have to be a GUI? What is there about a GUI that makes things easier? I've asked this question before in other forums, but I've never gotten a straight answer.

          To be sure, there are many advantages to a GUI, but I don't see where "user friendly" has anything to do with it.
          • User friendly can be little things such as being able to mouse around dialogs instead of tabbing, or providing help in a more readable font, or visual hints such as grouping related options together, or the liberal use of colour and graphics to denote progress, and just generally being less intimidating than a text only console. It's also gives early reassurance that the OS actually recognizes your mouse and graphics card.


            To be sure you can royally screw up a GUI and make it as nasty as you want, but if done sensibly it does make installation more pleasant.

        • Re:MandrakeBSD? (Score:3, Interesting)

          by Pope Slackman (13727)
          Besides, adding GUI doesn't necessarily represent a "dumbing down" of the product. The installer can still ask the same questions, but in a more user friendly manner.

          I see that as being a pointless waste of effort.
          Why would it be good to work on a graphical installer (which entails difficult and failure-prone things such as video device detection) that does exactly the same think as a console installer?
          The only benefit is that it would look prettier - installation would still remain just as "difficult"[1].
          The utilitarian console installer works fine, and I see no reason waste man-hours on changing it, when that same time could be spent improving important things.
          Cute graphical installers are just frippery.

          C-X C-S
          [1] Difficult in quotes because I've done several OpenBSD installs and never found it to be any more difficult to install than Linux or NT.
          • I see that as being a pointless waste of effort.

            And that is why the *BSDs are an "also-ran".

            Cute graphical installers are just frippery.

            The same can be said of cute ncurses-based installers. Why not just make everybody edit a text file on the boot floppy?

            Or of EMACS; why not just use ed? All that extra functionality is just frippery.
            • Re:MandrakeBSD? (Score:3, Insightful)

              by Pope Slackman (13727)
              And that is why the *BSDs are an "also-ran".

              Believe what you like.
              I'm not even sure the OS race has started yet, let alone ended.
              Besides, not everyone is after "world domination", some people just want a secure, reliable OS.

              The same can be said of cute ncurses-based installers. Why not just make everybody edit a text file on the boot floppy?

              Some things (NIC detection, for example) are better when interactive, and a console-based installer provides that capability with a minimum of work on the coder's end, and maximum compatibility for the user.
              (But in some cases (like setting up a bunch of identical boxes) a text install config file can be /really nice/ for automation.)

              Or of EMACS; why not just use ed? All that extra functionality is just frippery.

              Where'd that come from? The original post was talking about making a GUI installer
              that had no more inherent functionality than the console installer.
              Your analogy is bogus, as it misses my original point.

              C-X C-S
              • Or of EMACS; why not just use ed? All that extra functionality is just frippery.

                Where'd that come from?


                The C-X C-S in your signature.
                • The C-X C-S in your signature.

                  Um...yeah. I figured.

                  I was wondering where the EMACS/ed comparison itself came from...

                  C-X C-S
                  • I was wondering where the EMACS/ed comparison itself came from...

                    An example of how one person's frippery is another's functionality.

                    GUI administration interfaces make the difference between me getting paged in the middle of the night and telling an Operator "do this", and me getting paged in the middle of the night and having to get up, log in, and do it myself. I actually got paged during sex last night, with a mandatory 7-minute response time, so I really appreciate shorter calls. :-)

                    GUI installation interfaces serve similar purposes, but more importantly, they sell CDs. More people using the software leads to more hardware vendors supporting the software, which is A Good Thing. Since OpenBSD sometimes puts sales ahead of proliferation (otherwise they'd make their ISOs downloadable), clearly this is a goal that's not on the bottom of the priority scale.
          • I see that as being a pointless waste of effort.

            I don't understand the prejudice which a lot of oldster unix guys against graphics. I reject your frivolous argument as insincere, since text based console tricks have a long and rich tradition in unix. Look at the emacs feature that tells you the phases of the moon, gazillions of aphorisms, the names of programs such as fsck or daemon, lots of text based games. People like to have fun with their computers. That's just as important as anything else a home computer or workstation does. What you don't like is graphics. Well, grow up. See that there's no difference between graphics frivolity in this generation and text frivolity in yours.

            • My GUI Installer Experiences:

              Corel LinuxOS: Crashed every time it tried to probe the video card, even though the XFree86 documentation clearly says in unambiguous terms not to probe my video card. I found now way around it, and no obvious textmode installer to fall back to. It's the only Linux distro I have never been able to install. It's was also cited as a model for user friendliness before even the newbies gave up on it. (it wasn't an obsolete card)

              SuSE Linux: On a friends computer: His card did not have a standard VGA mode (seriously) but that was the mode that the installer wanted to use. On the bright side, at least it was easy to get to a textmode installer. (it wasn't an obsolete card)

              Installers have to be, by definition, a one-size-fits-all program. Unfortunately there is no such thing as a one-size-fits-all graphics standard. The PC video display industry is anything BUT standard. As my friend's computer demonstrated, even the VGA display standard is not standard. The only display that every PC can be assured of having is a textmode console.

              I'm not prejudiced against graphics. I love the GUI. But I love reliability more. I have learned through painful experience that setting up XFree86 by hand is more reliable than trusting the installer to do it automatically. Go ahead and make your super-duper works-on-anything GUI installer, but keep a textmode installer around for those that require it.
        • The problem with them is that they make basic assumptions about your hardware.

          Every Intel box in the universe is capable of putting up characters on the screen. Anything past that, you're making assumptions.

          The *BSD installers can be setup on a box with a Hercules graphics card.

          And you wonder why you'd want to do that? Well, let's say you're setting up a server. The normal way I have of getting a server going is to plug in a video card - any video card, junk is great - get FreeBSD going on it, get a telnet or ssh daemon running, and then compile a custom kernel with no video card driver & rip that sucker out of there. Because there's no GUI, I can do that.

        • That's a funny attitude to take. An install with an graphics mode would do much to dispell the image of BSD as a niche OS. And seeing as both FreeBSD and OpenBSD are commercial products, one would think that their repective owners would be keen to broaden their appeal.

          Two words: "serial console".

          For me, one of the biggest advantages of OpenBSD is that it can be installed, configured, and maintained over a very low-bandwidth channel. This is very useful when you are building servers to be installed in colocation facilities, where you don't have easy physical access.

          It is very easy to do a network install of OpenBSD onto a server with no CD-ROM and no video card. All you have to do is connect a network cable and a serial terminal[1], and add a 1-line configuration file to the standard boot floppy. Then you will be able to do the entire installation over the serial console. Linux can be set up for serial-console operation once it's installed, but I haven't seen an installer that supported it as well as OpenBSD does. I have better things to do with my time than plug a video card in just so I can install an OS (especially on a 1U server like the Intel ISP1100, that comes with no video card and only has one full-size PCI slot).

          For my money, OpenBSD _is_ a "niche OS", and that niche is sitting between my network and the outside world. It does that very well - the grouchy, spiky blowfish protecting the soft, naive Penguins on the inside. I would be very annoyed if OpenBSD started adding graphical "fluff". That's what SuSE is for (the 7.3 installer does look very nice, I must admit).

          FreeBSD, on the other hand, would probably benefit from a graphical installer. It's more of a general-purpose operating system, and it's already menu-driven. Adding VGA graphics would give it a more modern feel (as long as it was still possible to do a text-mode install).

          [1] e.g. a Palm IIIx running a terminal emulator. Yes, I've done it, and it worked just fine.
          • That's a valid point, but I didn't say the GUI would *replace* the text based installer. I see it working in much the same way as Mandrake or Redhat do - choose console install at the start and that's what you get, otherwise the default is a GUI.


            As I mentioned, both these OS's are commercial products. The case for a GUI is much stronger for FreeBSD (it's screaming for one), but both could benefit.

    • OMG. Is it a troll? I really cannot tell.

      Errrr, FreeBSD is dead easy to install. It's dead easy to get KDE2 going on it too. But not pretty. Just ncurses, sorry.

      something built in to play while slow parts of the install proceed

      What slow parts of the install? Get a faster computer :) Go make a cup of coffee.

      How bizarre.

      Dave
    • A gui installer is in the works for FreeBSD. One of the things that's being worked on for 5.0 is the libh installer which will componentize the installer so that you can throw an ncurses or qt frontend on it and have whatever kind of installer you want.

      The current installer is a piece of junk that they threw together as a temporary measure back in the 2.2 days. It's only now getting replaced - see man sysinstall to see how what happened.
  • What is the status of pf as of now?

    Is it stable, secure, and feature complete or is it recommended to install ipf from other sources?
  • I though they had just released 2.5 ?
    Code at the speed of light!
  • I'm interested in running OpenBSD for my NAT gateway, though I'm left with a lingering issue..
    Does OpenBSD include any support for decent irc connection tracking like what is available in iptables for linux? I have people behind the gateway that use DCC within IRC, and without good connection tracking, I'm not sure how to go about securely allowing one or more people to use IRC and have DCC work.
    Everything else I plan on using this system for (software RAID, NIS+, samba PDC and fileserver, NFS) seems to be fine, but this one little nitpick of mine may keep me off of OpenBSD.
    Also, how is the raid implementation as far as moving the array from one openbsd install to another, and is there any semblance of lvm there? The volume management stuff w/ resizable partitions would be nice, but by no means necessary..
    • Use tircproxy [klaki.net] in transperant mode. I have found it to work better then either the linux or OpenBSD irc modules. As an added advantage you can tie it in with auth/identd to work with IRC servers that require it. I run OpenBSD identd with the -h option to hide users which works quite well.
  • The blurb on /. home makes it sound like SoftUpdates are something new, which is just being introduced. That stuff's been around for a bunch of years now.
  • by chrysalis (50680) on Thursday November 29, 2001 @02:10PM (#2632383) Homepage
    The big new feature in OpenBSD 3.0 is pf.
    • Interesting stuff in pf over ipf : the configuration file accepts a very similar syntax, but with very handy shortcuts, especially expansion. For instance you can write { pop,smtp,imap } in a rule to specify a list of ports, instead of creating multiple rules. It also accepts macro substitutions. You can easily write very clean configuration files.
    • Interesting stuff in pf over ipfw/ipfiler/iptables :
      • scrub : just give an interface name, and pf will "normalize" everything coming to this interface. Packets will get cleaned up and reconstructed : your local network will only see clean packets, nothing that could be dangerous for badly written IP stacks.
      • tcp state modulation : this feature dynamically remaps tcp sequence numbers, to give the excellent entropy of OpenBSD stack to all your traffic. It means that servers running Windows, badly configured Solaris or older FreeBSD versions can be protected from session hijacking, even through their stack has weak sequence randomization.

    pf seems to be very stable so far. Just don't forget to apply the related errata if you're planning to use IPv6.
    Another great feature of OpenBSD 3.0 regarding network filtering/routing is the integration of AltQ, that brings quality of service to your IP traffic. It basically has the same (but very flexible and efficient) algorithms and class system that Linux has. But it's very nice to see it in OpenBSD.

  • ISO download (Score:5, Informative)

    by Syberghost (10557) <syberghost&syberghost,com> on Thursday November 29, 2001 @02:16PM (#2632436) Homepage
    As Theo says himself in his interview, people who don't like his model of selling the ISOs are free to make their own. This will hopefully quiet the stupidity that usually follows this announcement:

    As usual, ISO images here [zedz.net].
  • by alexhmit01 (104757) on Thursday November 29, 2001 @02:23PM (#2632487)
    We use OpenBSD exclusively for our web servers. We moved our database servers from OpenBSD to Linux. I look foward to migrating our systems (some 2.8, some 2.9, one that I broke trying to do a fancy 2.8->2.9 upgrade...) when our CDs arrived. We figured that we use OpenBSD a lot, owning a bunch of CDs was worth it. Alas, it is is still cheaper than the copies of RedHat that we pick up.

    OpenBSD has a real problem that I was never able to resolve, this makes it worthless for a database server. The machine is quite "efficient" with memory, which let it run with very little memory. However, with a lot of memory (our db servers normally have 1.5GB -> 2GB, I LIKE giving PostgreSQL lots of buffers and sortmem) there is little documentation on tweaking the system. I even contacted the developers in charge of the SysV memory support, etc., and they thought I hit the crack rock a little to hard.

    For web servers, however, I'm quite comfortable with our OpenBSD servers sitting open on the Internet. I'm terrified of a RedHat box not being hidden. As a result, I keep the database nice and hidden.

    Linux blows OpenBSD's performance away. This is a matter of Linux focusing on performance. However, for web servers (that for us just run PHP, mod_rewrite, and some other toys) I don't care... When I need more web serving power, I buy another web server for $2K. Having SSL built in to Apache is nice, and the ports is too fucking slick.

    BTW: OpenBSD seems to run quite nicely on my Penguin Computing 1U servers... :)

    Alex

    I expect to keep our production servers on 2.9 for 2-3 months, but move development to 3.0.
  • by snake_dad (311844) on Thursday November 29, 2001 @04:45PM (#2633267) Homepage Journal
    was that the cd's were available earlier than expected, according to this message from Theo at the OpenBSD Journal.

    Btw, the headlines from this site are available as a slashbox, just check the box in your /. preferences [slashdot.org].

    Snake_dad (who runs Linux, Winedose, Novell 3.12 and ... OpenBSD :-)
  • This news (both Theo interview and others) has been up for a few days on OpenBSD Journal [deadly.org].

    Slashdot readers who have made an account and are logged in can customize their display [slashdot.org] to add the headlines from OpenBSD journal and other sites to their main slashdot page, and catch news like this as it happens. It's a neat feature. ;)

  • I'm getting sick of this constant stream of freshmeat-like announcements of Linux-specific junk. You know there's more in the world than just Li... oh, you said OpenBSD! ;-)

    -Aaron, who has seen too many serious posts that began with similar statements
  • From the interview:

    Some vague claims have been made that the fuss was over stuff that I said. Well, if anything I said back in those days was a crime against the community, I would say it again. And as anyone on our mailing lists knows, I am not someone to mince words. I say things as they are. Slackers are called slackers, people who can't read manual pages are called losers, and in general, calling things what they are results in developers wasting less time.
    You gotta love comments like these! Well, you might not, but I do anyway. I say, why hide behind glossy, laminated marketing? (By the way, I'm not trying to say anything against the NetBSD team. They're good folks and NetBSD is a great product, as is OpenBSD.) All I'm saying is that people should say things as they are. If you can't read a man page, you shouldn't be using a computer! It's as simple as that.

    Oh well.

  • Theo included a good link [usenix.org] in his interview...

    I just finished reading it and it is some wonderful information. Seriously, everybody who runs any of the BSDs or Linux should read this paper. It will give you a much deeper understanding of what's going on and why, and this will lead to better choices when you configure your next box (or maintain those you're running right now). As always, reliable operation of any machine (be it a computer, a car, or a nuclear power plant) depends heavily on knowledgeable use and proper maintainence.

    Oh well.

3500 Calories = 1 Food Pound

Working...