OpenBSD 3.2 Available 331
fredrikv writes "Right on time, the files defining OpenBSD 3.2 have moved away from "snapshots" to the 3.2 directory of the OpenBSD mirrors. It is well known as the world's most secure operating system and now sports chroot'd Apache, fewer suid binaries, cool pictures for xdm-logins, a brilliant "antispoof" packet filtering rule and as usual includes lots of small updates and fixes. The files are there. What are you waiting for?"
Re:Well, I'm waiting for a downloadable iso (Score:5, Informative)
IF oyu want it bootable, that's also fairly easy to pull off as well. Just have it boot to the floppy image.
Otherwise, buy a CD.. we need the money.
Re:OpenBSD questions (Score:3, Informative)
Re:FreeBSD (Score:5, Informative)
Re:FreeBSD (Score:4, Informative)
Re:FreeBSD (Score:5, Informative)
OpenBSD has less 'nice' functionality, slightly less performance tuning, and no SMP support.
On the other hand it has an extremely well-audited source tree (by largely the same developers as OpenSSH), SoftUpdates, the new systrace work, an excellent brand new packetfilter that has yet to fail to impress from either a security or speed standpoint . .
OpenBSD isn't really so much the most secure OS in the world as it is in many situations the most secure OS on the x86. For most of us around here, that's probably close enough as makes no odds.
The last release (in a bug that affected the prior release as well) had an OpenSSH issue in the default installation that became the first remote compromise for the default installation in nearly 5 years of the operating system. Admittedly, most things are turned off by default (although I wish a few more - portmap, inetd). Because of this and a few other errata, 3.2 has been looked forward to for a long time.
To sum, you have a stripped-down no-nonsense OS with all of the unnecessary crap tossed out of the default installation and available as ports and packages to those that want it. The perfect OS for those who want a secure router, and/or single/few-function server. This isn't an appropriate choice if you need more than a commandline, really, and there's a fair amount of pride amongst the user community over that.
Re:*BSD (Score:5, Informative)
Depends who you talk to ;)
A good place to start is here [openbsd.org], to find out what the intentions of the OBSD project are. Then check out the OpenBSD Journal [deadly.org] to see what people do with it.
My two cents: OBSD really shines as a secure inet server. Things like httpd, sshd, firewalling, bridging, routing. People do use it as a desktop, but IMHO it is not as desktop-friendly as FreeBSD. *shrug* I run it basically headless, as does everyone I know.
Then again, a cutting-edge desktop system is not a primary concern of the OBSD project.
Re:I'm waiting (Score:4, Informative)
Re:*BSD (Score:4, Informative)
Java 1.3 is not "production" ready on any BSD, AFAIK. I've looked into this quite a bit, and even ported an app to FreeBSD.
They have recently been blessed by Sun to provide a native version of the JDK (the previous versions ran in linux_compat mode), but it is not considered production-ready by the developers.
Our customer threw caution to the wind, and has been running our app for a year or so now on FreeBSD. So far, so good. We _did_ QA it. Sheesh.
OpenBSD Java support is still (again, AFAIK)) a tweakers domain. If you need official J2EE, go with Linux (or one of those "others").
What are you waiting for? (Score:3, Informative)
SMP Support.
And there's a new song, too (Score:3, Informative)
This time it's a Bond-movie theme, which matches the new logo [openbsd.org].
-jfedor
Official 3.2 CD and Poster available too (Score:3, Informative)
Support the OpenBSD developers by getting a
3.2 CD $40 [openbsd.org] or for Europe EUR 45 [openbsd.org]
The new new 3.2 poster [openbsd.org] is very nice too, get it for [openbsd.org]
$10 US or EUR 14 in Europe [openbsd.org] The European size is 70x100 cm
Re:Minimum hardware requirements? (Score:2, Informative)
You'll need at least 32MB if you will install OpenBSD. Could be 16MB, but you'll have to turn swap on during install, as the Installation Guide will tell you.
Just be careful to read it, and you'll be running OpenBSD in less than 20 minutes.
Re:Still won't boot above 8 Gig (Score:5, Informative)
Well, this is a hardship only because you want to dual-boot, I'm guessing. Otherwise, you just partition and mount so that / is on the first 8Gb slice.
There are third-party boot managers that do magic to allow booting to happen from almost anywhere, for almost any OS. I don't know if it works with OBSD or not.
I've only run OBSD stand-alone on headless edge boxes, so I've never worried my pretty little head about the 8Gb limit. I'm assuming most folks who pay for the CDs every 6 months or so feel the same way. Well, that and the stickers. The stickers rule.
6 months (Score:2, Informative)
Every 6 months there is an OpenBSD release.
Every time they add
It is a simple as that.
Re:New PF syntax info (Score:3, Informative)
pf.conf(5) [openbsd.org]
pfctl(8) [openbsd.org]
pf(4) [openbsd.org]
Re:FreeBSD (Score:2, Informative)
FreeBSD has softupdates too.
Admittedly, most things are turned off by default (although I wish a few more - portmap, inetd)
portmap is turned off by default in OpenBSD 3.2.
The perfect OS for those who want a secure router, and/or single/few-function server.
my OpenBSD workstation runs the same apps i need to work as my linux workstation does, and that is quite a few apps, yes i do real work.
This isn't an appropriate choice if you need more than a commandline, really,
X works fine in OpenBSD and i bet most users who use OpenBSD use X on OpenBSD desktops and commandline on *all* their Unix servers, regardless of flavour (why should a dedicated webserver/firewall/database need X running?).
The real Release notes: (Score:5, Informative)
Please go to http://deadly.org where they did make it through.
OpenBSD use. (Score:2, Informative)
It has been over two years (since 2.7, actually) since OpenBSD sucked me in with its simplicity, security and *good* documentation.
In that time I have never started Xwindows on an OpenBSD machine. There is no need.
OpenBSD has been a solid firewall, router, bridge, MX, DNS server, NIS, NFS, Web, SSH/SCP/SFTP machine with nary a GUI to be seen.
With 3.2 they have finally done superb work with locking down services. This is even extended to services that are not on by default, such as apache. They have also gotten right of that annoying
Re:Most Secure OS (Score:2, Informative)
"Most of the known software vulnerabilities announced in 2002 affected Microsoft Windows (44%) followed by Linux (19%), BSD (9%) and Sun Solaris (7%). By comparison only 0.5% of the vulnerabilities announced in 2002 affected SCO Unix, and 1.9% affected Mac OS and Compaq Tru64 systems respectively."
It might be that no one is noticing mac or BSD flaws beacuse many fewer people care. A straight line weighting doesn't make sense either. We should expect a diminishing marginal return on eyeballs. The point is that this overstates Linux and Windows bugs and understates the others(actually I don't know usage rates on Linux but I assume it is the third most used OS.)
Re:It's good, but not that good (Score:3, Informative)
VMS is architected such that overflowing data cannot be executed (i.e. doesn't get passed along to the shell). As far as the kernel level code itself is concerned, overflows don't occur in the first place due to the universal use of descriptors to pass data to system-level calls.
The complete OpenVMS doc set is available on the web from a link at http://www.openvms.compaq.com [compaq.com]. There are also several good books on OpenVMS internals, with links to info on them available at the same place.
Re:yes, we need SMP (Score:5, Informative)
1) It makes security that much harder. Think
2) 99% of the software on openBSD is fork/exec anyway. You might as well use assymmetric multi-processing, or, better yet, buy 3 uni-proc boxes for the price of a dual proc box, and partition your load accordingly.
Re:Same horrible fdisk and disklable process? (Score:1, Informative)
for arbitrary units (ie - m, g, k, b, c (cylinders)) to fdisk a while back, so
a calculator should not be necessary anymore.
just do a "p m" in fisk like you used to do in disklabel.
Re:OpenBSD questions (Score:2, Informative)
Re:It's good, but not that good (Score:4, Informative)
Y'know how OpenBSD used to brag about "X years without a remote root exploit in the default install"? These days, it's NetBSD that carries the "longest since remote root in default" banner, and they'll continue to have it (though they're a bit to understated to brag about it) until OpenBSD turns off incoming SSH and RPC.
Think that's a silly argument? Check your nearest OpenBSD box. Is it running RPC? Does it need to be? Isn't "turn off unnecessary services" one of the fundamentals of securing a box?
Re:OpenBSD based floppy firewall? (Score:3, Informative)
not quite OpenBSD, but it's a BSD that fits on a coupla floppys.
Re:OpenBSD based floppy firewall? (Score:3, Informative)