Security Operating Systems BSD

OpenBSD 3.3 Released 348

An anonymous reader writes "OpenBSD 3.3 was released today, with many new features, including integration of the ProPolice stack protection technology, W^X ('write xor X') on sparc, alpha and hppa, privilege separated XFree86 and an incredible number of enhancements and stability improvements to the packet filter, pf, including address pools for reverse NAT/load balancing, ALTQ integration for network conditioning, and anchors/tables/spamd for spam tar-pitting. Information on the release can be found here and download sites are listed here. (Also, here's a handy way to speed up your DSL connection - prioritizing empty TCP ACKs and ToS low-delay traffic with OpenBSD 3.3's pf.)"
  • OpenBSD 3.3 Song (Score:5, Informative)

    by dknj ( 441802 ) on Thursday May 01, 2003 @12:40AM (#5850525) Journal
    Let's not forget about the OpenBSD [openbsd.org] Song [openbsd.org]

    -dk
  • by coene ( 554338 ) on Thursday May 01, 2003 @12:47AM (#5850547)
    I'm continually impressed by the amount of improvements in each new release of OpenBSD, the frequency of the releases (6 months), and the sheer amount of value that each new release brings.

    If anyone hasn't tried OpenBSD yet, give it a shot - you're certain to appreciate the quality that goes into it.
    • by JungleBoy ( 7578 ) on Thursday May 01, 2003 @12:57AM (#5850583)
      I hope OpenBSD has gotten easier to use and install. It's not for the faint of heart. Last time I used it (2.something) post-install configuration was nonexistent. It was like:

      "Here's some iron ore, build a truck"

      I can vi ascii files, but getting X running was an absolute chore, it was reminiscent of Slackware back in the 1.4 kernel days.
      • I hope OpenBSD has gotten easier to use and install. It's not for the faint of heart. Last time I used it (2.something) post-install configuration was nonexistent. It was like: "Here's some iron ore, build a truck"

        I dunno, I've always found it quite easy. You've got about 5 or so tgz files that it downloads (I always do ftp installs) and decompresses them. I find it simple and clean.
      • by evilviper ( 135110 ) on Thursday May 01, 2003 @01:24AM (#5850668) Journal
        What's so difficult about getting X working? Use xf86cfg or xf86config to make the config file, then change xdm=NO to xdm="" in /etc/rc.conf (the comments will tell you as much, BTW).

        Maybe you should have checked out the FAQ on the website or man afterboot ...

        I don't know what to tell you if you can't do that much without more hand-holding.
      • by Ryvar ( 122400 ) on Thursday May 01, 2003 @01:24AM (#5850673) Homepage
        OpenBSD, while a capable desktop, isn't primarily intended as such. Its strengths are in the realm of the firewall, gateway - the commandline leftover Pentium 200 that makes a nice mailserver. Its focus is security, and security demands a 'disabled by default' approach.

        There isn't much there to begin with when compared to FreeBSD or Linux because of this philosophy. While it's not exactly politically correct to say so within the OBSD community, it's sort of an accepted truism that 'less is more', and you're better serviced by one of the former two OSes if you're for ease of use and a desktop OS. GUIs and user friendliness = reams of unaudited code = lots of bugs. That said, the GOBIE project IS looking to overhaul the OpenBSD setup process, at least, so hopefully things will be easier for everybody in the future.

        Personally, I came to OpenBSD three years ago after having used RedHat for only six months and having gotten my box owned *HARD* - while it took a bit to figure everything out for a relative *nix newb, I can vouch that the payoff is worth it if you're willing to invest the time into making sure you never get owned again (not that there are any 100% guarantees with any software).

        --Ryv
        • Getting 0wn3d (Score:4, Informative)

          by jmorris42 ( 1458 ) <{jmorris} {at} {beau.org}> on Thursday May 01, 2003 @04:00AM (#5851027)
          Oh it isn't that bad. Pull the network plug and clean up the mess. Preserve the corrupted files for later and restore from your backup. (you DO have a backup, right?) and then use the RPM database to verify all of your binaries to make sure you weren't owned when you made the backup. Verifying the critical files against the installation media will ensure against a trojaned rpm/database.

          Then once you are clean again, examine the saved files and try to figure out how they got in. Learn from your mistake and carry on.

          Happened to me a couple of times, usually when I make a mistake in configuration or don't keep up with the errata. Yes I'd like to connect electrodes to the script kiddies' testicles, but it really isn't something to get bent overly out of shape over either.
          • ...and remember, every local root hole is almost certainly remote rootable too.

            It's a good job I stopped the Linux =2.4.19 ptrace kmod local root hole, or I'd have been rooted on Sunday morning (see my journal).

            Ironically, the skript kiddie hasn't been too careful, and he has left the PHP shell unpassworded and unprotected on his system. Running a uname -a through it shows that he's running a vulnerable kernel. I now face a terrible internal struggle - do I play ethical and just email abuse@chello.nl agai
            • Re:Getting 0wn3d (Score:5, Insightful)

              by runderwo ( 609077 ) <runderwo@mail.wi ... rg minus painter> on Thursday May 01, 2003 @08:33AM (#5851585)
              Ironically, the skript kiddie hasn't been too careful, and he has left the PHP shell unpassworded and unprotected on his system. Running a uname -a through it shows that he's running a vulnerable kernel.
              Erm, careful. What makes you think this isn't some other innocent person's box that the kiddie owned in the first place, perhaps as a cover while building up a botnet by owning other boxes? After all, it has the same vulnerability he's trying to exploit on yours. He probably just got to it first.

              It's too easy to get on the wrong side of the law these days, and you might have a wrong target to boot. I wouldn't risk it.

            • by Dark Lord Seth ( 584963 ) on Thursday May 01, 2003 @09:06AM (#5851782) Journal
              do I play ethical and just email abuse@chello.nl again

              Speaking as a Chello.nl subscriber: Don't even bother. They let their members violate every little bit from the EULA, including the running of webservers, FTP servers, IRC server, other servers, NAT gateways, etcetera. And I'm talking from personal experience here ;)

          • Re:Getting 0wn3d (Score:2, Insightful)

            by jjackson ( 83961 )
            You've got to be kidding me.

            Unless you spend all day chatting on IRC or playing UT2k3/NWN on your box and that is the best you can put it to use, having your system compromised can be very serious.

            Personally, I use my computers for my online banking, my business billing/invoicing system, not to mention the fact that I have quite a bit of sensitive personal and business information stored in spread sheets and oo.org documents.

            This type of thinking (getting hacked is no big deal, so I will be lazy about se
      • by coene ( 554338 ) on Thursday May 01, 2003 @01:38AM (#5850717)
        I don't think it's a matter of what's easier, but what fits your need, and what you're used to. I prefer OpenBSD to any other OS. Configuration is a snap, easier for me than any other OS.

        Between /etc/rc.conf and pkg_add, IMO it can't get any easier. I get lost in the myriad of configuration files present in current Linux distributions.

        Also, the source where you will get information on OpenBSD (for example, setting up X) is VERY different from what you'd expect for Linux.

        Namely, OpenBSD has EXCELLENT manual pages. Also, the online documentation is very helpful for new users, as it clearly explains the basics of the system, and where to start if you're unfamiliar with it.
        • Once you get used to it OpenBSD is not at all difficult to install. I use it entirely for network security (five machines) so I've never bothered to install X.

          The man pages are excellent. The only place I've been bit is that the dhclient man page doesn't mention that it runs a script in /sbin/dhclient (which is not an obvious place to look) and that this script clobbers resolv.conf. That was a bugger to sort out back in the 2.6 days when I didn't know what I know now about DNS and resolvers.

          Since the 3.2 rel
        • As someone who is currently ditching redhat for openbsd, I don't care for rc.conf at all.

          However, I am certainly looking forward to not upgrading my kernel/glibc every three months. My complaints are mostly cosmetic.

      • by debilo ( 612116 ) on Thursday May 01, 2003 @01:41AM (#5850724)
        Check out the G.O.B.I.E Project [gobie.net]. It's a graphical installer for OpenBSD.

        From the web site:
        The main goal of the GOBIE is to add a graphical installation of the famous OS OpenBSD. This project has been developed in the spirit of OpenBSD which means that the installation is as close as possible as the text one.

        GOBIE wishes to add some value to the product by developing installation modules to known servers such as Bind, Sendmail, Inn, Apache...


        Here are some screenshots [gobie.net] - looks pretty cool to me. The only downside to it is that the release is scheduled for July and thus not available yet, so keep your eyes open. It seems like a project that is worth supporting.
      • They didn't have

        man afterboot

        then? (Incidentally one of the best man pages you'll ever read. Everyone should have one).

        And did they not have xf86config ?

        Seems unlikely, but then I have only ever used 2.8+ IIRC.

        The biggest hurdle for most people is getting around the idea of BSD "slices." But it makes sense and there are good reasons they did it that way. The installer and help are very good, actually. I would have to say OpenBSD has some of the best docs of any system out there, period.

      • Its intended target is secure network services, not as a workstation.

        Trying to shoehorn it into that mode would defeat the whole idea of it being secure, as 'un-certified' apps would break that faster than you can blink....

        If you want a BSD desktop, go FBSD.. and keep OBSD on your server/firewall/etc where it belongs.....

      • I hope OpenBSD has gotten easier to use and install. It's not for the faint of heart.

        Easier to use? Learn it and you will never look back. Seriously. Read the FAQ, man afterboot, there are some OpenBSD specific books coming out... I am pretty much finished with Linux (although Gentoo interests me for media/MAME console), I'm only keeping up with it for employment reasons.

        Easier to install? OK, if you're not going to use the whole disk, then it can be trickier than Linux to install at first, but besides th
  • by mfifer ( 660491 ) on Thursday May 01, 2003 @12:51AM (#5850561)
    ...from someone *besides* Apple, OpenBSD is the bank they should look at!

    Aside from maybe the esoteric trusted OSes (i.e. Trusted Solaris), is there really another "mainstream" OS people can just rely on for security?

    Hell, Bill G oughtta just start waving $$$ in front of Theo and company until they all say "OK, that will do" and join MS to show them Redmond boys the Right Way (TM) to lock down an OS*!!!

    * of course the Office team would no doubt open right back up any holes the new security-conscious OS team closed down...
    • by Anonymous Coward
      Not really.

      Bearing in mind that security is, code flaws aside, one side of a balance between security and user features, OpenBSD, from what I can tell, more than pays the price for its security in lack of features. For example, Outlook is notorious for its security flaws. Most of these seem to stem from all sorts of abilities to run code embedded in emails. Did MS coders do this because they were stupid and forgot not to code in this feature? No, they did it because it is indeed a feature, when not abused.
      • > OpenBSD, from what I can tell, more than pays the price for its security in lack of features.

        I wouldn't necessarily say that. If anything, OpenBSD shows you can be secure without a great deal of sacrifice, it just requires applying talent and effort (which the OpenBSD team has). Just look at PrivSep XFree86. You don't really lose anything by doing it that way, afaik. It just wasn't being done before, somebody needed to code it.
    • Maybe someone can explain this to me. As I probably misunderstand it, Darwin is based on BSD. So presumably any improvements in OpenBSD are easy to migrate to Darwin and OS X?

      when can I expect I get my security enhancements in OS X?
      • by coene ( 554338 ) on Thursday May 01, 2003 @01:34AM (#5850701)
        I believe Darwin is based upon FreeBSD. While they share the same name, the same roots, and a lot of the same code, the BSD's (Free|Net|Open) are very different.

        Of all the BSD's, NetBSD and OpenBSD are the most similar, and share the most code, primarily because OpenBSD forked from NetBSD not so long ago. FreeBSD has taken quite a different path to be more mainstream.

        Improvements to OpenBSD should not be impossible to merge into FreeBSD/Darwin, but it's not an easy or painless task either - not to mention that FreeBSD and Darwin are quite different. This isn't saying that a fair share of code isn't shared, indeed it is, but it's not a trivial task.
        • Darwin is Mach. It has a FreeBSD 4.4 userland, but does *not* use a FreeBSD kernel. Some of the networking code is used, also, iirc. It's more comparable to the old BSD-lites that ran on top of mach, except that Apple has modified mach to allow the BSD subsystem to share address space with mach to enhance performance. Take a look at this [slashdot.org] article about modifying the NetBSD kernel so that it can run Darwin code. They're different beasts.

          Also, the change to FreeBSD compatibility is recent. The userland
  • Argh! (Score:3, Funny)

    by LooseChanj ( 17865 ) on Thursday May 01, 2003 @12:56AM (#5850577) Homepage
    I'm not done d/l'ing it yet! And it was slow *before* it got /.'ed!
  • and still no SMP =( (Score:4, Interesting)

    by Anonymous Coward on Thursday May 01, 2003 @12:57AM (#5850582)
    I've been using FreeBSD on my servers as of fairly recently and so far I love it. As a result, my interest in BSD in general has grown. I was looking just today at OpenBSD and NetBSD features. OpenBSD looks fantastic and I was about to give it a whirl when I realized they don't support SMP. Now this wouldn't be an overly huge issue if it were primarily a desktop OS. I applaud all the work that has obviously gone into this project. But I will be overjoyed the day I see SMP added to the new feature list. This is NOT a troll. I think the way it stands is extremely impressive. I just want to express my sincere desire to see SMP support. =)
    • by Anonymous Coward
      Yes. They've wasted so much time on useless security features that they've forgotten to make a functional operating system.
    • While I certainly can't say that "this is ALWAYS the best way to run things", I find it helpful to split up tasks according to what I view as the respective strengths of each OS.

      Firewall, Mail, and DNS I handle with OpenBSD (running Postfix and DJB's tinyDNS), and my actual website gets run on FreeBSD 5.0 in order to take advantage of SMP - a very, very stripped down FreeBSD, I might add. Looking at my loads, I'm considering setting up a secondary OpenBSD machine strictly for the apache processes, and
    • by dr4ma ( 131729 ) <<ten.nikals> <ta> <todhsals>> on Thursday May 01, 2003 @01:40AM (#5850722) Homepage Journal
      OpenBSD is built around being secure, not on high performance multiprocessor support for hosting huge database servers.

      look [slashdot.org] at /. servers, the web server is a PIII 600MHz and the database server is a quad Xeon 550MHz system.

      Newer desktop systems are equal to the quad box minus the extra cache on the xeons.

      So, IMHO SMP support is not a huge deal and should not be for most sub 1000 user companies.
      • That is old info from what I can tell, they are hosting in Cali now. Plus it mentions RH 6.2, I doubt anyone is running a website on that anymore (shudder).
        • RH 6.2 (Score:3, Interesting)

          by green pizza ( 159161 )
          Plus it mentions RH 6.2, I doubt anyone is running a website on that anymore (shudder).

          HAH! I know of *many* sites that use RH 6.2 boxes for serving, and even some that use RH 5.x distros as well. Just because RH no longer rolls their own fixes doesn't mean that the distros have dried up. Many sysadmins would rather manually update the software on their servers than go thru the trouble of migrating to yet another distro.

          There are also those that use a heavily locked down ancient distro for serving. Ap
    • by mritunjai ( 518932 ) on Thursday May 01, 2003 @02:16AM (#5850818) Homepage
      Theo replied to this a while back

      In an SMP environment, auditing all applications and figuring out all race conditions and resource corruption is a nightmare. You never know when a programmer overlooked the fact that a signal handler and a thread could *actually* be running in parallel and cause a race condition.

      Theo wants to avoid these pitfalls for now. Thus OpenBSD has no SMP support.

      Incorporating SMP support in OpenBSD shouldn't be an issue, mainly because NetBSD from which it's derived has had SMP for ages and FreeBSD has it too! The friggin' thing is how to be sure that sendmail's author imagined all parallel execution scenarios and has coded accordingly.

      Trust me, SMP environments are a bitch to work in and you should either have professional tools to work with or a really good imagination to work out all possible race conditions.
      • The friggin' thing is how to be sure that sendmail's author imagined all parallel execution scenarios and has coded accordingly.

        Are you sure about that?

        If the OS is properly done, the userlevel applications shouldn't have to worry about if the box has multiple cpus or just one. If something works with one cpu and fails with multiple cpus, then either 1) the OS isn't doing its job right or 2) there's some subtle timing bug in the (application) code that would probably eventually fail on the right s

      • NetBSD has not had SMP for ages, in fact just recently they committed some "real" SMP code. It is FreeBSD that has had it for ages.
    • by pmz ( 462998 ) on Thursday May 01, 2003 @11:00AM (#5852538) Homepage
      OpenBSD looks fantastic and I was about to give it a whirl when I realized they don't support SMP.

      Consider what OpenBSD excels at and consider these questions:

      Does a firewall really need two 2GHz CPUs?

      How about a router, modest fileserver, or e-mail server?

      Considering the complexity that SMP would probably add to the kernel (race conditions, data integrity, etc.), it may be counter-productive towards the goal of uncompromising security.

      For bigger servers (4 or more CPUs) just run Solaris, FreeBSD, or Linux behind OpenBSD-based infrastructure. I think this is a tasty compromise.
  • would be nice (Score:4, Informative)

    by Lord Ender ( 156273 ) on Thursday May 01, 2003 @12:58AM (#5850584) Homepage
    This is great news, or would be, if OpenBSD would actually work with our hardware. We use KVM switches that have a mouse and keyboard plugged into a USB hub. OpenBSD just doesn't have good enough USB support to even install with a keyboard through a hub. And no, changing 'usb legacy support' in the bios does not help the problem. It is a pity. Linux kernel has the same issue, however all recent versions of Windows work fine with it.
    • Re:would be nice (Score:5, Insightful)

      by coene ( 554338 ) on Thursday May 01, 2003 @01:43AM (#5850729)
      The primary install kernel (RAMDISK) does not have support for USB Human Interface Devices (HID). Use PS/2. I know it's a limitation, I've run up against it too. Once you get the OS installed, it will work with the USB KVM fine.

      Or, you could add USB HID support to the RAMDISK kernel on a spare box, and cd /usr/src/distrib && make, and install using the new floppy image.
      • Re:would be nice (Score:2, Informative)

        by Anonymous Coward
        Turn on USB Legacy support

        boot the kernel with -c (bsd.rd -c)

        disable uhci
        disable ohci

        Install using USB keyboard (on KVM switch).
  • Eh? (Score:5, Informative)

    by BJH ( 11355 ) on Thursday May 01, 2003 @01:05AM (#5850608)

    Just to clarify that, W^X is not "write xor X", but "write xor execute". It's a new policy that OpenBSD uses to specify whether memory is writable or executable, but not both.

    This helps prevent buffer overflows on the architectures that support it (sparc, sparc64, alpha, hppa) in that any memory that can be written to cannot be executable, and vice versa - so even if a buffer overflow succeeds in overwriting memory, that memory cannot be executed (or, the memory cannot be overwritten in the first place if it is executable).

    Also note that W^X is also available on x86 in -current.
    • That was all the fun of DOS assembler programming...
      • by BrokenHalo ( 565198 ) on Thursday May 01, 2003 @02:58AM (#5850919)
        If you write in assembly code, you should still be able to by-pass the operating system, if you're clever enough. The days of the Real Programmer are pretty much done, however, and when memory is a lot cheaper than the programmer's time, there's not much advantage in writing self-mod code, no matter how cool it might be :-).

        Last time I wrote this type of code was on Data General's AOS/VS (which pretty much dates it), and DG didn't approve of that kind of thing at all. It didn't stop my program from working, though.

        • Are there any real programs that ever modify their own code, or compilers that output code that does so? OpenBSD seems to be assuming not, and I'd guess they've done their research, but it seems that whenever you forbid something that used to be legal you're inevitably going to break something that used to work.
          • by Anonymous Coward on Thursday May 01, 2003 @03:37AM (#5850985)
            Sure: Anything that produces machine code at run time needs memory that is writable AND executable. It's not such an esoteric trick -- for example many high-performance Smalltalk and Lisp systems compile everything you type down to machine code instead of using a simple interpreter. Then there are dynamically recompiling emulators, ie. just about any high-performance emulator these days, and of course JIT-compiling Java VMs. That's quite a lot of software to disable.
          • I don't know if it's commonly done now (probably not, though), but when hardware resources were harder to come by, yes, this was quite common.

            Needless to say, this kind of facility was never in the hands of COBOL programmers, for instance, but I wrote lots of self-modifying routines to link COBOL or FORTRAN programs run on different machines simultaneously. In those days, it was more or less expected that a decent sysprog should have no real difficulty with that.
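Added example, not part of the thread and not OpenBSD code: the W^X rule described above, together with one way a run-time code generator of the kind raised in the replies can respect it, by keeping its buffer writable while emitting and flipping it to executable with `mprotect` afterwards. The `wx_*` names and the placeholder bytes are hypothetical; the bytes are copied but never executed, so the sketch is architecture-independent.

```c
#define _DEFAULT_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS MAP_ANON
#endif

/* Hypothetical helper type: one mapping plus the protection last applied. */
struct wx_region {
    unsigned char *base;
    size_t len;
    int prot;
};

/* The W^X invariant: a mapping may be writable or executable, never both. */
int wx_policy_ok(int prot)
{
    return !((prot & PROT_WRITE) && (prot & PROT_EXEC));
}

/* Map anonymous memory read+write, without execute, for code generation. */
int wx_alloc(struct wx_region *r, size_t len)
{
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    r->base = p;
    r->len = len;
    r->prot = PROT_READ | PROT_WRITE;
    return 0;
}

/* Change protection, refusing any request that would break the invariant. */
int wx_protect(struct wx_region *r, int prot)
{
    if (!wx_policy_ok(prot) || mprotect(r->base, r->len, prot) != 0)
        return -1;
    r->prot = prot;
    return 0;
}

/* Copy generated bytes in; allowed only while the region is writable. */
int wx_emit(struct wx_region *r, const void *code, size_t n)
{
    if (!(r->prot & PROT_WRITE) || n > r->len)
        return -1;
    memcpy(r->base, code, n);
    return 0;
}

static sigjmp_buf fault_jmp;

static void on_fault(int sig)
{
    (void)sig;
    siglongjmp(fault_jmp, 1);
}

/* Return 1 if a one-byte store to p faults, 0 if the store goes through. */
int write_faults(volatile unsigned char *p)
{
    struct sigaction sa, old_segv, old_bus;
    int faulted;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);   /* some systems raise SIGBUS instead */
    if (sigsetjmp(fault_jmp, 1) == 0) {
        *p = 0x90;
        faulted = 0;
    } else {
        faulted = 1;
    }
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return faulted;
}

/* Walk the emit -> seal -> reopen cycle; 0 on success, else the failed step. */
int wx_demo(void)
{
    /* Constructed placeholder bytes standing in for generated code. */
    static const unsigned char stub[] = { 0x01, 0x02, 0x03, 0x04 };
    struct wx_region r;
    long page = sysconf(_SC_PAGESIZE);
    int rc = 0;

    if (page <= 0 || wx_alloc(&r, (size_t)page) != 0)
        return 1;
    if (wx_emit(&r, stub, sizeof stub) != 0) rc = 2;
    else if (wx_protect(&r, PROT_READ | PROT_WRITE | PROT_EXEC) == 0) rc = 3;
    else if (wx_protect(&r, PROT_READ | PROT_EXEC) != 0) rc = 4;
    else if (wx_emit(&r, stub, sizeof stub) == 0) rc = 5; /* sealed: refused */
    else if (!write_faults(r.base)) rc = 6;   /* a stray store must fault */
    else if (wx_protect(&r, PROT_READ | PROT_WRITE) != 0) rc = 7;
    else if (write_faults(r.base)) rc = 8;    /* writable again, X dropped */
    munmap(r.base, r.len);
    return rc;
}

int main(void)
{
    int rc = wx_demo();
    printf("W^X cycle %s (step %d)\n", rc == 0 ? "ok" : "failed", rc);
    return rc;
}
```

The wrapper only enforces the rule inside one program; the policy the comment describes is applied by the operating system to the whole address space.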

  • by Dag Maggot ( 139855 ) on Thursday May 01, 2003 @01:07AM (#5850616) Homepage
    Relates equally to OpenBSD, kind of a backhanded compliment to the BSDs over Linux.
    The way things are structured today, from a licensing perspective, in the Linux world nobody will ever commercialise Linux the way the Sun commercialised FreeBSD. For some customers, that can be viewed as advantageous. But customers will never really know who stands behind this product. If the lead developer for this component chooses to do something else with his life, who will carry on the mantle for that? The fact that it will never be commercialised is assured by the GPL. The GPL licensing form does that, as opposed to the open-source license for FreeBSD, where you could say Sun took it and commercialised it and can say that they own it. Nobody can ever do that (with GPL).
    Complete interview on Zdnn [zdnet.com.au]
    • Uh, when did Sun commercialize FreeBSD? They had SunOS which had a BSD style init system I think, and then moved to Solaris which has a SysV init system. And they bought out cobalt and sell those linux boxes. Do they have any interaction with freebsd?
  • by Bearded Pear Shaped ( 665665 ) <nerves@ g m x . n et> on Thursday May 01, 2003 @01:09AM (#5850621)
    the packet filter, pf, including address pools for reverse NAT/load balancing, ALTQ integration for network conditioning, and anchors/tables/spamd for spam tar-pitting.

    Oh WOW!
    My prayers for the packet filter, pf, including address pools for reverse NAT/load balancing, ALTQ integration for network conditioning, and anchors/tables/spamd for spam tar-pitting have been answered!

    Thanks OpenBSD! Thanks for the World!!
  • by LinuxParanoid ( 64467 ) * on Thursday May 01, 2003 @01:25AM (#5850674) Homepage Journal

    Regarding various troll-slams on OpenBSD... I dunno, I'm using OpenBSD and it's great. Nowhere to go but up, as far as I'm concerned. FreeBSD and NetBSD don't have much of a value proposition in my book compared to mainstream Linux distros, but if you want a secure webserver (or network appliance) without having to patch the thing all the damn time, OpenBSD seems a heck of a lot better than any Linux variant.

    That said, I'm not dogmatic about this; it's just the conclusion I've come to based on the evidence I've seen so far.

    --LP
    • FreeBSD 5.0 seems superior to Linux in the role of webserver when it comes to scaling, and Linux to all other open source OSes (but in overall ranking I'd still put Win2k Pro over it, sadly) for desktop.

      While OpenBSD is certainly the leader in the security and frontline realm, the guys at FreeBSD really have a slew of interesting ideas as far as what directions they want to go in are.

      Can't wait to see what the OpenBSD 3.4 release looks like, though. That's supposed to be an even bigger release than 3.3 -
      • FreeBSD 5.0 seems superior to Linux in the role of webserver when it comes to scaling, ...

        This myth has to die or someone has to prove it, with recent versions of linux and bsd. There have been so many advances with linux (for instance after the mindcraft incident etc.) that I doubt it's true.
        The current advances in linux can clearly be seen over at spec.org, linux with the tux webserver scales nearly linearly to 8 procs.

  • PF FAQ (Score:5, Informative)

    by dolmant_php ( 461584 ) on Thursday May 01, 2003 @01:34AM (#5850704)
    With the new normal FAQ upgrades also comes the new PF FAQ:
    http://openbsd.org/faq/pf/index.html [openbsd.org]
  • by ch-chuck ( 9622 ) on Thursday May 01, 2003 @01:34AM (#5850705) Homepage
    spamd, a spam deferral daemon, can be used to tie up resources on a spammer's machine. spamd uses the new pf(4) table facility to redirect connections from a blacklist such as SPEWS or DIPS.

    -- Probably questionable legality and ethics on that one, being a real tool in the battle against what some call 'free speech'.
    • by schwap ( 191462 ) <beauh@NoSpam.schwoogle.org> on Thursday May 01, 2003 @01:48AM (#5850739) Homepage
      - Probably questionable legality and ethics on that one, being a real tool in the battle against what some call 'free speech'.

      Probably 'Free Speech,' but the activity consumes the finite resources of a computer that costs the operator money in electricity, bandwidth, maintenance and access by customers and/or employees.

      There is nothing about 'free speech' that allows one entity to force another to be the carrier or receiver of the idea or message.

      • There is nothing about 'free speech' that allows one entity to force another to be the carrier or receiver of the idea or message.

        They are free to speak, we are free to not listen or to not pass their messages on.

        • They are free to speak, we are free to not listen or to not pass their messages on.

          When "speech" becomes effectively a Denial of Service attack, freedom of speech ends, IMO.

          Examples:

          SPAM -- literally reducing peoples' ability to communicate effectively. This hurts individuals and businesses. The cost to the recipient is real.

          Loud Music -- that bass pumping out of my asshole neighbor's house is not protected speech. It disrupts my family, my quality of life, my own attempts at speech, and is, like S
        • Or, more of a spamd appropriate analogy: ``We are free to stare at them and nod our heads, pretending to be listening, while we are actually ignoring them, and just wasting their time!"
    • I don't see any legality issues on this and ethics, well you want to talk about ethics of spammers?

      basically spamd is going to waste resources of open mail relays and spammers who spam directly from their computers. Besides bandwidth, how is anyone else in the world affected? If you get your e-mail from a mail server that is also an open relay, well then I say you got what's coming. Chances are that server will get blacklisted and you may not receive your mail due to other anti-spam solutions you use (if yo
    • -- Probably questionable legality and ethics on that one, being a real tool in the battle against what some call 'free speech'.

      ITYM "frea speach". HTH. HAND.

  • by Are We Afraid ( 303373 ) on Thursday May 01, 2003 @01:36AM (#5850707) Homepage
    Looks like the server is already slashdotted. Here's the Google cache of the page:

    Prioritizing empty TCP ACKs with pf and ALTQ [216.239.53.100]

  • Ahh damn (Score:5, Funny)

    by ehintz ( 10572 ) on Thursday May 01, 2003 @01:39AM (#5850719) Homepage
    I was quietly downloading the packages, and then you had to send the /. hordes after it. Now their bandwidth is shot to hell. I mean, I'm all for sharing, but I wanna get my copy before I start sharing... ;-)
  • by thanjee ( 263266 ) on Thursday May 01, 2003 @01:50AM (#5850750) Journal
    *BSD is dying to announce that it has once again improved that which was already considered perfect.

    Way to go!
  • AbiertoBSD... of course I use it a lot.

    I've been waiting for this release for a number of months now and want to express my gratitude to the OpenBSD folks. Of course, that means buying a few more of their CDs [openbsd.org]. Heh, heh... Shameless support for my favorite OS. What's in their best interest is in the best interest of my computing environment, right? Good!

    Now where is that post I wrote a few days ago about building a new distro called AbiertoBSD out of used car parts?

  • Prioritizing ACKs (Score:5, Interesting)

    by Stormie ( 708 ) on Thursday May 01, 2003 @02:51AM (#5850899) Homepage

    Damn, that business with the prioritizing ACKs sounds fantastic! I have the same setup as in their example (ADSL 512Kb down/128Kb up) and always have to put upload limits on filesharing programs so they only upload at maybe 11KB or 12KB per second, 'cos if I let them hit their full 16-ish KB/sec, the downloads choke and die.

    I might have to salvage some crappy old box from work and see if I can't set it up as an OpenBSD gateway..

  • by Smoking ( 24594 ) on Thursday May 01, 2003 @03:24AM (#5850970) Homepage
    For the ones not willing to change their OS only for the traffic shaper DSL trick, here's the link for linux: (including many other very interesting things...) Linux advanced routing and traffic control [lartc.org]
    enjoy it!
    Q.
  • Show your support! (Score:4, Insightful)

    by terrencefw ( 605681 ) <`ten.nedlohsemaj' `ta' `todhsals'> on Thursday May 01, 2003 @06:39AM (#5851275) Homepage
    This is good news for the OpenBSD community indeed, but rather than downloading, you might consider buying the CD set from a retailer near you [openbsd.org] to fund further development. Given the recent funding issues, now couldn't be a better time to support this superb open source project.
