OpenBSD 4.6 Released 178
pgilman writes "The release of OpenBSD 4.6 was announced today. Highlights of the new release include a new privilege-separated smtpd; numerous improvements to packet filtering, software RAID, routing daemons, and the TCP stack; a new installer; and lots more. Grab a CD set or download from a mirror, and please support the project (which also brings you OpenSSH and lots of other great free software) if you can."
Still no torrent? (Score:1, Insightful)
Come on! FreeBSD has been releasing via bittorrent for a while now [freebsd.org]. Get with it OpenBSD!
Re:Torrent? (Score:2, Insightful)
Re:Still no torrent? (Score:3, Insightful)
Most distros have at least one or two really good mirrors nearby. Maybe when they don't offer a 4GB file (their install.iso file is 200MB) they don't see the need.
Re:October 18th is also its birthday (Score:2, Insightful)
Does BSD support "Q" yet? Linux stole the "P" code ages ago and implemented "Q" but released it under a restrictive license that prevents the original authors from using the new features. Come on, get with it BSD!
ISO Policy Explained (Score:4, Insightful)
OpenBSD's FAQ explains their choices regarding ISO images [openbsd.org].
I like to install OpenBSD from a floppy image [arcticnetwork.ca] - only 1.44 MB! I then choose an FTP mirror [openbsd.org] and install whatever parts I want on the fly.
Re:Still no torrent? (Score:3, Insightful)
Maybe when they don't offer a 4GB file (their install.iso file is 200MB) they don't see the need.
Every openbsd installer I have ever downloaded has been 10MB...
Re:October 18th is also its birthday (Score:1, Insightful)
The code was already "free". In fact it was free-er before slapping a new license on it. :)
OpenBSD - not that secure... (Score:1, Insightful)
OpenBSD security is in large part overstated, and at worst, a myth.
Let us look at 3 main points, of which the last is the most important.
1. Secure by default. Yes, having services turned off by default is a good move. It also actually has nothing to do with the security of what you actually have running.
2. Auditing. Only the base system is audited. The ports are often quite far behind. Most attacks are not against "the base system".
3. Lastly...OpenBSD, by design, is not a secure system. A secure system is much, much more than just a lack of vulnerabilities. It is the ability to have controls and lock down things, to prevent unauthorized access. Instead, the OpenBSD approach does it's very best to assume that people don't get in, but does little to help when something does go wrong. Or, you know, if you even wanted to actually restrict access with more than just the user/group scheme. Hell, they don't even have a basic ACL. VMS was a secure system. Very recent editions of Windows are well on their way to becoming secure systems. OpenBSD is not.
In fact, as it stands, Linux is a far, far more secure system, because of access to things like SELinux and RSBAC. These frameworks allow you to lock down and control every aspect of your system. Anything you want to restrict and how, you basically can. It takes the "everything is a file" philosophy to the next step. These systems are more secure for one simple reason. You should be prepared in case someone does, not simply try to eliminate all bugs all together, which while noble, is a flawed attempt. Not to mention the inability to restrict legitimate users on the system in a limiting way...
Instead, if someone successfully gets root on OpenBSD..then they have root, This is getting better with privilege separated stuff, but Linux had this in 3rd party patches about 10 years ago. With SELinux and RSBAC, you can remove the concept of root. If someone hacks a webserver...well, the webserver does not need write access, except maybe to tmp, it won't need execute access, it won't need to initiate outgoing connections, and it won't need write access, only append access to /var/log. The attacker can't do anything, and you simply can't do something similar with OpenBSD.
In fact, despite Theo being staunchly opposed to such attempts, there was one. Systrace. It was nowhere near as powerful or flexible as the aforementioned frameworks, but it was a start. Instead, The developers decided to use an insecure technique, system call interposition [psu.edu], shown to be insecure. After this they gave up.
OpenBSD is an extremely quality codebase, and it is more secure for small stuff and does make a good router or firewall. It is by no means a secure system though, and should not be hailed as one.
Re:Where's the song? (Score:1, Insightful)
I swear the release songs are what excites me the most about each OpenBSD release song. :-)
I also find myself agreeing with most of them too. This last one is particularly poignant. I feel the same way a lot of the time, that the technology is trying to be too controlling, that there is too much (technological) power in the hands of the big monopolies, that our choices are dwindling and we must defend them.
Don't ask me to rationally defend all these positions. I just don't like one-button iPods, locked down formats, binary-only blobs, and whereas most every other user of technology is happy with them, I am not.
Give me back my free software [wordpress.com], please.