OpenBSD 4.8 Released 176
Mortimer.CA writes "The release of OpenBSD 4.8 has been announced. Highlights include ACPI suspend/resume, better hardware support, OpenBGPD/OpenOSPFD/routing daemon improvements, inclusion of OpenSSH 5.5, etc. Nothing revolutionary, just the usual steady improving of the system. A detailed ChangeLog is available, as usual. Work, of course, has already started on the next release, which should be ready in May, according to the steady six-month release cycle."
Don't forget the Release Song! (Score:2, Informative)
Someone forgot the infamous song release for 4.8 to be included in article details: El Puffiachi [openbsd.org]
song (Score:4, Informative)
The release song [openbsd.org] doesn't even have lyrics :-(
How good can the release be then, I ask!
Re:How are upgrades handled? (Score:4, Informative)
I'm curious. Having never used a BSD-based system, how are upgrades managed? I understand that instead of installing packages, one uses ports. My impression of that is that you run a file in a ports directory and it compiles the software and installs it. Correct me if I'm wrong.
Ports are meant for building packages. Users should only use packages normally. You can update your packages after you upgraded your base system with "pkg_add -ui -D update -D updatedepends"
But how does one upgrade from, say, OpenBSD 4.7 to 4.8?
OpenBSD has excellent docs and FAQ's: http://openbsd.org/faq/upgrade48.html [openbsd.org]
Re:fdisk (Score:5, Informative)
IIRC you can suffix a quantity with M or G to specify size in megabytes or gigabytes.
Re:How are upgrades handled? (Score:2, Informative)
unlike a lot of operating systems, openbsd includes apache, bind, and other common network servers in the base install.
there's no automated upgrade procedure that works well for the openbsd base system at all; but there's a manual procedure, which is well documented, for upgrading between major versions
as someone has tried to upgrade many major linux distributions in various environments, i can tell you that manually is the ONLY way to do a proper system upgrade on a critical system; and many complex package management systems can hinder such an effort
openbsd people seem to shy away from binary packages for the most part, and most people that upgrade end up using a full source tree of the system to do so. in fact, openbsd is a bit unique in that they don't have an official binary patch mechanism. security patches to the base system are also generally intended to be done on a virgin openbsd source tree.
it's a weird way of doing things, for the average administrator, but it's a niche operating system, so if you don't like doing things the slow (but reliable) way, openbsd is not for you.
Re:Suspend/Resume? (Score:5, Informative)
Re:fdisk (Score:3, Informative)
Re:fdisk (Score:1, Informative)
Re:OSNews? Thom Holwerda? Seriously? (Score:4, Informative)
Sorry man, that's not a highlight. It's a link.
I, uhm.. think you may have missed out a bit on the Internet. Here, I'll give you a link to start with: http://www.bing.com/ [bing.com] -- happy binge!
Besides, the mentioned "bullshit" was half way into his post. If you just read the first few words, I think he's happy.
Re:fdisk (Score:3, Informative)
Nice Troll. I'll bite.
Nor does an OpenBSD user excel on either Linux or Windows - they are three different worlds. You do not state, but imply, that someone that knows BSD knows those other systems. You either do so through intention (dishonesty) or through lack of thinking your argument out (ignorance), either one isn't particularly good.
I have three Linux machines (Slackware/Ubuntu) and one OpenBSD machine at home, all of them work very well. I also have two additional Windows machines at home, and I use one at work (sigh). I know all three systems pretty well. What's your point?
And, just to add an important precision: I administer Linux (Red Hat/SuSE), Solaris, AIX and HPUX machines at work. I know all of these systems pretty well.
The problem that the *BSD versions have for large acceptance is why? The big draw of it - security from the ground up - isn't really useful in most places.
Go ahead and tell that to the security engineers that audit the servers on a regular basis at work. Go ahead, I dare you. This is the best way to be out of a job pretty fscking quickly. OpenBSD is not perfect, but, when it comes to security, any serious person is going to consider it.
You need that at your firewall and router (usually one in the same for small to medium companies or a home network) and those are better handled by a hardware/software stack that is specifically designed for that.
In other words: trust us, we are from ______________ [insert big company name here]. No, thank you. I have been burned by vendors too many times.
Cisco solutions are a better combination of performance and costs. The OpenBSD box is never going to perform as well as the Cisco 28xx series and is no more secure so why go that way?
Mwa ha ha ha ha ha! Thanks, I needed the laugh.
Performance blows for general purpose hardware compared to specialized ones today.
You obviously have no idea what you are talking about. None.
Ten years ago they rocked, routers and firewalls on general purpose hardware was the the higher end of the market - today purchase a solution from Cisco if you really need it.
[More drivel follows]
A few points:
A) If you are trying to worship at the altar of Cisco, please find some other place for it. Cisco's hardware is uninteresting and overly expensive for what it does.
B) Even Cisco uses OpenSSH - which comes from OpenBSD. I really wonder why?
C) Why buy an overpriced Cisco XXXX, when a simple PC with 4 network cards and OpenBSD can do the job for half the price and three times the performance?
Crawl back under your bridge, little troll, and try to learn a bit about the real world before tooting your Cisco horn.
Re:How are upgrades handled? (Score:3, Informative)
Upgrade to OpenBSD 4.7 to 4.8 is as simple as booting the machine on the CD, and selecting (U)pgrade instead of (I)nstall.
Make sure you make a backup of your /etc/ directory beforehand and you are good to go. The upgrade process should keep your configuration intact, but it never hurts to be a bit cautious.
I'll note that i have been upgrading the same machine from OpenBSD 3.9 all the way to 4.8 without major problems.
Unless you have a very good reason to, do not use ports: use (pre-compiled) packages. Upgrading packages is as simple as typing: 'pkg_add' with the correct options. See here for more details: http://openbsd.org/faq/faq15.html#PkgUpdate [openbsd.org]
That's all there is to it. OpenBSD is a very simple operating system to use, and one that is a pleasure to upgrade and maintain.
Re:How are upgrades handled? (Score:3, Informative)
Make sure you make a backup of your /etc/ directory beforehand and you are good to go. The upgrade process should keep your configuration intact, but it never hurts to be a bit cautious.
For /etc upgrades, there's sysmerge.
In fact, you can run sysmerge -x xetcNN.tgz -s etcNN.tgz and answer the friendly prompts before booting into the installer for the upgrade. Then after you've done the base system upgrade, set your PKG_PATH to something sensible and run pkg_add -u to upgrade your packages. Time needed is mainly a function of how good your connectivity to the packages mirror is.
Re:fdisk (Score:3, Informative)
I've been using OpenBSD since 3.3, and I don't think I've ever specified anything in cylinders when setting up. The BSD disk label tool accepts arguments in size, example 20M, 20G, 20T etc.
Re:OSNews? Thom Holwerda? Seriously? (Score:5, Informative)
For example, if you need to build a web server, you might pick OpenBSD because of its "secure-by-default" mantra. But what does that really buy you? You still need to run web server software, which is going to be the vector for any attack.
The OpenBSD base system includes a version of Apache that has been heavily audited (fixing a lot of bugs that didn't seem to get fixed in the main branch until years later - look for 'does not affect OpenBSD' in security advisory notes) and runs in chroot by default.
Is lighttpd any more secure on OpenBSD than on Linux? No
As I recall, lighttpd runs in a chroot by default on OpenBSD, but I could be wrong. On top of this, it has (probably not a full list, just the things I remember):
And the best thing? You don't need to configure or even understand any of these for them to work. That's what 'secure by default' means - no faffing with SELinux configuration, no optional security measures that people turn off because they're too hard to get right.
I would argue that OpenBSD may be secure by design, but SELinux is, in practice, more secure.
In practice, SELinux is usually disabled. In the few places it is enabled, it makes the attack surface larger and has led to exploitable bugs that are not present in Linux-without-SELinux.
Re:Have they decided to implement security yet? (Score:3, Informative)
Re:fdisk (Score:3, Informative)
Re:Audio on BSD? (Score:3, Informative)