OpenBSD 3.5 Released 345
pgilman writes "The word just hit the announce@openbsd.org mailing list: "We are pleased to announce the official release of OpenBSD 3.5.
We remain proud of OpenBSD's record of eight years with only a single remote hole in the default install. As in our previous releases, 3.5 provides significant improvements, including new features, in nearly all areas of the system" including security, hardware support, software ports, and lots more. Support the project if you can by ordering the cds, or grab it from the net (use a mirror!). Thanks to Theo and the whole team!"
Amazingly, yes (Score:4, Informative)
What? (Score:1, Informative)
yea (Score:3, Informative)
and OpenBSD Rocks!
Re:Excellent (Score:0, Informative)
well, this is at least my 2 cents
Mascot (Score:3, Informative)
Re:pfsync/CARP (Score:5, Informative)
-Pat
Re:my favorite comment from the changelog (Score:5, Informative)
Re:"single remote hole" (Score:5, Informative)
OpenSSH.
Re:"single remote hole" (Score:4, Informative)
Re:Argh (Score:3, Informative)
Not all mirrors have 3.5 yet... (Score:4, Informative)
In case google is broken, which it's not (Score:4, Informative)
I'll bite too... (Score:5, Informative)
1) Devry... nice..
2) A company capable of buying quad xeon hardware doesn't sound like the kind of cmopany that needs to resort to running a workstation OS--XP Professional--on a server. Plus, Windows XP will only use 2 CPUs maximum.
3) Like mentioned before, you'd never run OpenBSD on an SMP box in a production scenario
4) What kind of password? The Windows XP password has nothing to do with Dell. If you mean the BIOS password, that has nothing to do with Windows.
5) Microsoft's multi-user computing (read: NT Domains/Active Directory) is actually quite good.
6) If your server had three years of uptime, there was probably (I'm sure there wasn't but I don't want to be wrong) no OpenBSD SMP support (not even beta) 3 years ago... I wonder how your boss feels about a server having 75% of its computing power being unused.
There's more wrong with your post, but why bohter...
Re:Excellent (Score:2, Informative)
Re:Excellent (Score:1, Informative)
that is absolute bullshit. when software is easy to use, it leads to fewer mistakes
hmm
One remote whole... (Score:4, Informative)
We remain proud of OpenBSD's record of eight years with only a single remote hole in the default install.
I love OpenBSD as much as anyone serious about security, but this quote is completely full of shit.
If you look at the release 3.4 [openbsd.org] errata list, there's at least three or four root exploits waiting to happen. And 3.3 [openbsd.org] and 3.2 [openbsd.org] aren't any better.
And YES, sendmail was in the default install. As well as many programs based off the lately bad libc-6.
OpenBSD is the most secure, and secure-oriented, but its not perfect by any means.
And yes, I run OpenBSD on a few servers, and one desktop!
Perfect Timing (Score:3, Informative)
But now that OpenBSD is only on Firewalls, no webservers, it's less pressing.
Re:pfsync/CARP (Score:4, Informative)
This already is a Cisco killer for one simple reason, VSRP is crap.
Re:Fast AES (Score:3, Informative)
Re:about security holes (Score:4, Informative)
- Program should declare what kind of access it needs to the filesystem to function. No other parts of the "real" filesystem should be visible in the program's namespace at all.
- Same for every other resource such as sockets, etc...
You mean like systrace?
Re:One remote whole... (Score:4, Informative)
Re:Fast AES (Score:4, Informative)
Um, no..... (Score:2, Informative)
From the netcraft FAQ [netcraft.com]
"Operating systems that do not provide uptime information include;
Looks like an excellent release! (Score:5, Informative)
The ones that stand out for me are -
Chrooting and dropping privileges for BIND by default (kept me feeling fairly safe through a few vulnerabilities, and without the extra work of maintaining my own bind built for chroot)
Picking up ssh and releasing a good, free version
Coming up with the nicest firewall I've used, taking it from nothing to ready for release within 6 months (That still amazes me!)
spamd - After breaking 400 spam messages a day directed at my inbox, wiring Spamhaus SBL into the firewall and tarpitting a good portion of the traffic is a nice bonus. Noticing a week after setting that up that OpenBSD 3.5 has graylisting is a nice surprise.
Propolice stack protection built into the OS and integrated for the long haul
Now with CARP, I can feel comfortable getting all this in any environment - I think failover support really opens up a lot of possibilities for the future of OpenBSD.
All in all, OpenBSD has all the attributes I like in an OS -
regular 6 month releases (production quality doesn't have to mean stale),
cohesiveness (no waiting for glibc to catch up to a new kernel feature, or vice-versa),
a real commitment to free software (as demonstrated with OpenSSH, pf, and now CARP)
really delivering - as opposed to various Linux security projects that I've seen integrated with mainstream distros, then apparently forgotten about or relegated to a special option marked with a warning label, OpenBSD is a real tested system.
As a system, it can progress toward its goals through every aspect of the system (eg., the pervasive privilege separation), rather than a patchset to a mainstream distro, which has inherent lag time and may be working at cross-purposes to that distro or the numerous projects that make up the distro it's trying to secure. I've seen a few patchsets come and go over the years, too, while OpenBSD keeps adding to the foundation they've built.
Thanks, OpenBSD team, for all the great releases... (and all the fish
Now I'm off to explore my new OpenBSD 3.5 system, where make build just finished.
Re:FreeBSD and OpenBSD (Score:2, Informative)
Re:Downloadable ISO? (Score:3, Informative)
$ cd OpenBSD/3.5/i386
Then get the following files from a mirror:
CKSUM
MD5
base35.tgz
bsd
bsd.rd
bsd
cdrom35.fs
comp35.tgz
etc35.tgz
game
man35.tgz
misc35.tgz
xbase35.tgz
xfont3
xserv35.tgz
xshare35.tgz
$ cd
And optionally also fetch these files:
ports.tar.gz
src.tar.gz
sys.tar.gz
$ cd
$ mkisofs -J -r -T -V "OpenBSD_3.5" -b 3.5/i386/cdrom35.fs -c boot.catalog -o
Upgrade Mini-FAQ (Score:4, Informative)
Re:Downloadable ISO? (Score:5, Informative)
I think the easiest way to do an installation ( I ran 3.5 up on an old p-166 this evening ) is to download the arch-specific install files ( ie everything under
For detailed info on the install, see the FAQ [openbsd.org].
The Errata [openbsd.org] page should be checked regularly too. Unlike the 3.4 release that had a number of bugfixes that needed to be applied as soon as it was officially released, 3.5 has no need for further patching at this point in time.
Re:about security holes (Score:4, Informative)
- Program should declare what kind of access it needs to the filesystem to function. No other parts of the "real" filesystem should be visible in the program's namespace at all.
- Same for every other resource such as sockets, etc...
systrace(1) [openbsd.org]
Re:Documentation (Score:3, Informative)
What I really like about OpenBSD is that I don't have to google for a HOWTO on configuring pf and altq.
I'd also throw in that the file system layout is very consistant with OpenBSD. There's even a hier(7) [openbsd.org] man page describing the layout. When I'm working on another OS I find myself digging around, even for configuration files, way too often.
Re:FreeBSD and OpenBSD (Score:3, Informative)
I use OpenBSD on my desktop at work. There's a FreeBSD and Linux (among others) binary compatibility option which work great for me. I use the Linux Citrix client binary to connect to a Citrix server across the country just fine. I don't think I've ever run a FreeBSD binary but I install from ports usually so the port-meister of that particular software takes care of issues.
OpenBSD supports a load of different architectures [openbsd.org], far more than FreeBSD. However I think you're really asking about supported hardware on i386. In that area FreeBSD is ahead but most stock hardware runs OpenBSD just fine.
Jump in, the water's fine!
Re:Breaking backward compatibility? (Score:2, Informative)
Does OpenBSD 3.5 break backward compatibility with all previous releases, like every other OpenBSD release does?
That's utter bullshit. Read the upgrade mini-FAQ [openbsd.org], FOLLOW IT and nothing should break. I've updated remote machines that I've never been within 2000 KM from and have never had a problem.
Re:Ok., who has a free iso (Score:4, Informative)
Torrent [hewus.com], and Source torrent [hewus.com].