OpenBSD Marches Toward 5.0 Release

badger.foo writes "OpenBSD-current just turned 5.0-beta, providing us a preview of what the upcoming release (slated for November 1st) will look like. Peter Hansteen takes us through the main new features and explains the development process that has consistently turned out high-quality releases on time, every six months for more than a decade."

Obligatory

[crow_t_robot]

*Post that makes a joke about the Firefox release schedule*

Re:

[Lennie]

Actually, if people think OpenBSD's release schedule is a good thing, then I have no idea why people would complain about Mozilla trying to mold their release cycle in a similair fashing.

Because OpenBSD has been doing what Chrome did from the start: a timed release cycle. Take the features that are done and only release those.

The Mozilla folks still need to learn a bit I'm sure. They'll probably get the hang of it soon.

OpenBSD Rock Solid OS without fluf.

[jellomizer]

If it wasn't for the fact that most System Administrators are more comfortable with Linux or Windows (And many of the new ones are not too willing to expand that much on the command line). I would have all my servers running OpenBSD. You get it set it up to do the Job you want and let it work.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:OpenBSD Rock Solid OS without fluf.

[fuzzyfuzzyfungus]

Not necessarily fun to shoehorn onto a laptop; but if the hardware comes with rack rails, generally just fine.

Re:

[fuzzyfuzzyfungus]

Hence my somewhat cowardly use of "necessarily". Given the fairly substantial standardization of core hardware in the x86 market(ie. either an Intel chip with an Intel chipset, or an AMD chip with either an AMD chipset or one of the remaining Nvidia ones, along with wired NIC by Intel or Broadcom and wireless by Intel, Broadcom, or a couple of others) it is hard to go too far wrong even with laptops; but laptops are the sorts of places were "realtek did something fucked up with the supposedly standardized '

Re:

[ulzeraj]

Running it as a home router on an Intel Atom mini-itx motherboard. It recognized a Tenda (forgot the real model) N-150 wireless device and I was able to quickly put it to use on WPA2 with just ifconfig and wpa-psk to convert the key to a hex. No need for cheesy software. Its also running its rootfs on a 2gb usb card (mutable stuff such as /var/log is running on mfs (memory file system). OpenBSD is fantastic for the job.

Re:

[fuzzyfuzzyfungus]

In the spirit of curiosity, is your Atom board one of the early ones were Intel was pairing atoms with SiS chipsets, or one of the later with a 945, or one of the still later with the NM10, or whatever intel is calling their atom-specific chipset these days?

Re:

[mirix]

A little late to the game here, but for what it's worth, I've run OBSD on a atom with the 945 chipset in the past, no problem.

Of course it was on server duty (hence openbsd), so I have no idea if the onboard sound, etc, were functional :p

Re:OpenBSD Rock Solid OS without fluf.

[TheRaven64]

I used a PowerPC Mac Mini as a server for a few years, and had no problems with OpenBSD hardware support. Everything worked with the same interfaces as on x86. YellowDog Linux also kind-of supported the hardware, but things were strangely different from x86 (e.g. Linux puts CPU and power management stuff behind different interfaces on different architectures) and the admin interface was just different enough from RedHat to be irritating, while OpenBSD on PowerPC Mac worked just like OpenBSD everywhere else.

A sysadmin probably wouldn't have noticed that it wasn't x86. A developer would only have noticed if they did anything endian-specific, not if they stuck to public OS interfaces. While I had the machine, I wrote some software for showing the CPU and power status which ran on a variety of systems. It had a simple abstraction layer, where each target platform implemented a few functions for platform-specific stuff. For OpenBSD, each function was one sysctl() call. I wrote them on PowerPC, someone else tested them on SPARC, x86 and x86-64, and they worked everywhere. For Linux, I had to add a dependency on a 300KB library that abstracted the differences between the different versions of Linux on x86... and then was told by the first person that tested it on PowerPC Linux that it didn't work properly there.

So, I'd say hardware support is pretty good on OpenBSD. More importantly, the OS actually does its job and abstracts the hardware so developers don't have to pretend that they're writing DOS applications and ship a different code path for every possible combination of hardware on OpenBSD.

Re:

[Wrath0fb0b]

So, I'd say hardware support is pretty good on OpenBSD. More importantly, the OS actually does its job and abstracts the hardware so developers don't have to pretend that they're writing DOS applications and ship a different code path for every possible combination of hardware on OpenBSD.

I don't think you are wrong in your experience or conclusion but when people talk about "hardware support" they are not referring to whether it will run on older architectures (Apple hasn't sold a PPC in nearly half a decade). Rather, they are talking about drivers for all the random peripherals they've accumulated -- wireless mice, webcams, joysticks, scanners, wifi cards, bluetooth modules. The number of people frustrated by installing an OS and not having it support no-name bluetooth module XXX or Broadc

Re:

[TheRaven64]

they are not referring to whether it will run on older architectures (Apple hasn't sold a PPC in nearly half a decade)

Sorry, but the Mac Mini was brand new when I put OpenBSD on it. Apple stopped selling PowerPC machines during the time it was operational. Its sales accounted for something like 2% of total PC sales in that year, yet the only two operating systems that supported it well are OS X and OpenBSD.

awesome -the BSD are very incestuous

[rubycodez]

for the last couple years, http://www.openbsd.org/i386.html#hardware [openbsd.org] very good, works with all the wireless and USB devices I've plugged into it including cameras, several types of wireless ethernet, usb to serial. Yes, it works on my Toshiba and Thinkpad laptops with all video and sound ok, admittedly as one of two alternate partitions for grand occassions with windows xp, and not my main Linux one.; A lot of the recent device additions of that is due to NetBSD and FreeBSD, the BSD license is great for s

Re:

[pak9rabid]

I would have all my servers running OpenBSD. You get it set it up to do the Job you want and let it work.

And this is different from Linux how exactly?

Re:OpenBSD Rock Solid OS without fluf.

[TheRaven64]

The other poster already pointed out that it's got documentation. The OpenBSD team will actually back out commits that don't come with updates to the relevant man pages. Try this on OpenBSD: go through /dev, and look up every device that's listed there. Then go through /etc/ and look up every file that's there. Now try it on Linux (or FreeBSD or OS X, for that matter). OpenBSD is the only system I've used where you will actually find documentation on every device and every config file that's part of the standard install.

More importantly, you only need to read the documentation once. Unlike Linux, OpenBSD does not replace admin tools with functionally equivalent ones with a new interface every six months. If you learn how to use OpenBSD, then you know how to use OpenBSD, on any architecture. If you learn how to use Linux, then you know how to use one version of one distribution of Linux, probably on one architecture.

Re:

[tokul]

The other poster already pointed out that it's got documentation. The OpenBSD team will actually back out commits that don't come with updates to the relevant man pages.

Oh really. check setlocale return values, BSD manuals and supported locales.

Re:

[tokul]

They still write great code and documentation.

setlocale manual says that return value for not supported locales is false and that anything outside of LC_CTYPE is not supported. Why the .... function returns garbage string?

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[snowgirl]

More importantly, you only need to read the documentation once. Unlike Linux, OpenBSD does not replace admin tools with functionally equivalent ones with a new interface every six months. If you learn how to use OpenBSD, then you know how to use OpenBSD, on any architecture. If you learn how to use Linux, then you know how to use one version of one distribution of Linux, probably on one architecture.

scrub in all reassemble tcp
nat pass on $ext_if from $home_network to $internet -> ($ext_if:0)

Re:

[Just Some Guy]

Ugh. I went through the OpenBSD 4.7 upgrade torture test last weekend. For those who don't know what we're talking about, the firewall config file syntax change in a backward-incompatible way between OpenBSD 4.6 and 4.7. It wasn't possible to boot into the new system without largely rewriting the file, which is kinda inconvenient when the machine in question is your primary firewall.

It was a good upgrade and I like the new version better, but it wasn't exactly painless.

Re:

[snowgirl]

Ugh. I went through the OpenBSD 4.7 upgrade torture test last weekend. For those who don't know what we're talking about, the firewall config file syntax change in a backward-incompatible way between OpenBSD 4.6 and 4.7. It wasn't possible to boot into the new system without largely rewriting the file, which is kinda inconvenient when the machine in question is your primary firewall.

It was a good upgrade and I like the new version better, but it wasn't exactly painless.

I fortunately have been generating my pf.conf from an XSLT on an XML file for a few years now, so it was a relatively simple matter of changing a single line in the file that is generating the XSLT*, and then using make. So, it was relatively pain-free for me.

*: Why am I using a file to generate the XSLT? Have you SEEN the XSLT language? It's horrible and designed for machines. The file I'm using adds a layer of abstraction that makes XSLT a useable language for human beings.

Re:

[Just Some Guy]

Um, if pf.conf so bad? :-D Seriously, I just edit it with vim. It's the easiest firewall system I've dealt with.

Oh, I also got nailed by the old nat and rdr rules having an implicit "quick" and I had "block all" at the end of the file. The new syntax rules with pass aren't automatically quick, so I had to rearrange the rules a little.

Re:

[snowgirl]

Um, if pf.conf so bad? :-D Seriously, I just edit it with vim. It's the easiest firewall system I've dealt with.

No, pf.conf isn't bad at all. But the XML file holds more than just my firewall rules. It holds all the information necessary to produce my named lists (forward and reverse), as well as my dhcpd.conf. Oh yeah, as well, it produces an HTML "netinfo" file which has all the network information in pretty print format, with links and all.

Basically, the XML file describes my whole network, and keeps things consistent so I don't have to keep things consistent by hand.

Re:

[Just Some Guy]

I'm not sure whether to be impressed or horrified.

Re:

[snowgirl]

I'm not sure whether to be impressed or horrified.

It sounds like you're having the proper response.

Re:

[renoX]

> *: Why am I using a file to generate the XSLT? Have you SEEN the XSLT language?

Yes, unfortunately I had to understand why some files were incorrectly generated, which made me debug XSLT scripts, the horror!

I'm still wondering how XSLT was created..
Maybe the creator was a sadist?

Re:

[jgrahn]

More importantly, you only need to read the documentation once. Unlike Linux, OpenBSD does not replace admin tools with functionally equivalent ones with a new interface every six months. If you learn how to use OpenBSD, then you know how to use OpenBSD, on any architecture. If you learn how to use Linux, then you know how to use one version of one distribution of Linux, probably on one architecture.

Version: is it unfair to expect things to actually *change* between versions? I don't think so.

Distribution: surely you cannot expect RedHat EL, Debian, Slackware etc to all be exactly identical!

Hardware: you described upthread your problems with Yellowdog Linux on x86 and PPC. I cannot explain that experience. Yellowdog Linux must suck, because I'm using Debian on x86 and PPC, and there are *no* unreasonable differences. The only ones I can think of is the bootloader and the disk partitioning scheme, and

Re:

[rubycodez]

What an ignorant set up statements, the application set is huge (over 6000 binary packages for amd/intel) and includes all the common apps for desktop, languages, web.

The users number in the thousands at least, and moreover, unless your a windoze weenie, you are likely typing your troll into a machine with code on it from the OpenBSD team.

Re:

[rubycodez]

and what's with that "architecture" crack? It runs on more architectures than most Linux multi-arch distros. For example, comparing it with Debian, it doesn't run on the S/390 or Itanium but all the others, but also supports four more Debian doesn't have.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Bing Tsher E]

And this is different from Linux how exactly?

With Linux, you know there will be a totally new gui config utility that you have to use with each major release. And the userland will shift around, depending on the mood of the aggregator who puts together whichever 'distro' you happen to use.

With a BSD, you set it up to do the job you want and with a few minor tweaks of /etc files for major updates you just keep on keeping on.

Re:

[patrikas]

OpenBSD is the operating system, Linux is kernel.

Re:OpenBSD Rock Solid OS without fluf.

[SirCyn]

OpenBSD: Two remote vulnerabilities in the default install in ~12 years. None in the last 2 years.
Running a 2 year old copy of OpenBSD still safe (unless you make it otherwise). Your Linux ISO from 2 weeks ago is already vulnerable.

Re:

[khoonirobo]

True:

But then this is usually what happens : http://xkcd.com/349/ [xkcd.com] [XKCD post, obligatory]

Re:

[rubycodez]

It is funny that there was nothing in -current serious enough to be a security/errata patch yet with 4.9; with most releases there would be a few by now. Maybe it'll be known as the "golden release" if that turns out to be true for another couple months.

Re:

[Anonymous Coward]

I run OpenBSD and I appreciate how (relatively) maintenance free it is, but that claim has *always* bugged me.

Two remote vulnerabilities in an install that leaves no services running in ~12 years, huh. Fascinating. Nevermind that almost nobody actually runs a system without services, or that a glance at the errata page shows that basically any non-root bug on OpenBSD can be escalated to give root privs. I dunno where you've been, but Linux distros stopped shipping with every service under the sun running a

Re:

[arose]

And how many people use just the stock install? How many use it for a workstation?

Re:

[Bob the Super Hamste]

I find that the problem is with going from windows to anything else. If you know one flavor of Unix the others aren't fairly easy to pick up. On any given day I may work on Linux, AIX, Solaris, OpenBSD, HP-UX, or windows. I prefer any of the others to windows even with their own idiosyncrasies and I was a windows user for a long time. I got my feet wet on *nix with X and now prefer the good old command line for a lot of what I do.

Re:OpenBSD Rock Solid OS without fluf.

[david.given]

The OpenBSD technology is amazing; I'd recommend that any Linux user gives it a try to see how a Unix is supposed to work. Simple, flexible, consistent, robust, and superbly documented (there are man pages for everything, including the internal kernel APIs needed to write device drivers!). I just wish it had apt, that's all. (And better non-PC support. My main server's an ARM.)

It's even more amazing if you've ever interacted with the OpenBSD community, who are basically dickheads. Admittedly, it's been a while since I gave up on the -misc, but the last time I was there there was some poor guy trying to discuss virtualisation and the lead developers (including Theo) were simply hurling childish abuse at him rather than, say, actually trying to communicate. And of course all their groupies were joining in. It was incredibly unpleasant.

I suppose it's possible that they've grown up since then. I really wish they would; OpenBSD deserves a lot more attention and use. But I was so turned off by the total lack of anything resembling professionalism in the community (which is weird, because the actual docs are brilliant) that I haven't felt like going back.

what's the objective?

[Onymous Coward]

However there are many people who try to seem smarter than they're, and they might deserve to be made fun of.

Leaving aside the moral debate of when a person deserves mistreatment, what is the value of abusively mocking someone in a public forum? It does not raise the level of discourse to something productive. At the least it's a kind of friction and so energy goes out the window as a kind of heat loss. Maybe it's a kind of turbulence that amplifies the original wobble of stupidity rather than smoothing things back into a laminar flow. Maybe it promotes a culture of antagonism, resulting in rampant friction an

Re:

[arose]

Leaving aside the moral debate of when a person deserves mistreatment, what is the value of abusively mocking someone in a public forum?

You should ask Theo...

Re:

[DaMattster]

Well, as much as I love OpenBSD, not much has changed on the mailing list. The misc@ list has a very low tolerance of people whom they percieve as stupid or even newbies. Remember, we were all newbies once.

Re:

[rlillard]

... low tolerance for stupidity -- absolutely. ... newbies, you need to be more specific. It's lazy newbies who don't RTFM (that's F as in fine) or provide appropriate information in a problem report that get roasted.

Sorry to hear that.....

[mevets]

but did you ever figure out why virtualization is a bad hack to prop up crappy software?

Re:

[g8oz]

Theo?

Re:

[Bengie]

Because implementing failover and live-migration into every piece of software is a great idea? Just do it at the OS level. Applications shouldn't have to worry about hardware, SANs, etc.

Test environments are greatly simplified.

Soon you'll be telling us how protected memory is bad, we need to do away with operating systems, and the internet is a failed concept.

Re:

[mevets]

wow, way to grab the wrong end of the stick and start beating around the bush with it.
Good OSes don't need virtualization - it is a crap solution to work around even crappier OSes (windows, I should add since I'm sure discerning subtlety isn't your strong point).

Re:

[serviscope_minor]

(And better non-PC support. My main server's an ARM.)

It's even more amazing if you've ever interacted with the OpenBSD community, who are basically dickheads. Admittedly, it's been a while since I gave up on the -misc, but the last time I was there there was some poor guy trying to discuss virtualisation and the lead developers (including Theo) were simply hurling childish abuse at him rather than, say, actually trying to communicate. And of course all their groupies were joining in. It was incredibly unple

Re:

[snowgirl]

Ooooo! Nifty cool, thanks for pointing that out!

OpenBSD = Fight Club

[raised_by_wolves]

Jack: What if the applicant wants to discuss virtualization?

Theo: Hurl abuses at him, hit him with the broom, and then threaten to get a shovel.

Safer on old systems

[Anonymous Coward]

If your hardware is older, OpenBSD is a safer environment - if your CPU does not implement the NX bit, OpenBSD manages the same functionality with W^X. Many other memory-handling features make the system safer (malloc with mmap, rather than sbrk, for example), although there can be a performance penalty.

OpenBSD implements privilege separation in many of the daemons of the base system (ftpd, dhcpd, ntpd, sshd), so you can trust them more.

OpenBSD's alternate daemons for well-known protocols (ntpd, smtpd) give

Audio

[pr0nbot]

Sweet! Does it ship with Pulse Audio?

tried openbsd before

[Anonymous Coward]

Some things that annoyed the hell out of me:

1. First install it wouldn't boot. Seems it didn't save the partitions correctly, so tried again. This time it booted.
2. Home and end keys don't send you to the end or beginning of the command line you're on. Mac also does this. It annoys the hell out of me. One thing windows and linux got right.
3. It comes with vi by default but trying to install vim was a hassle. And once you get it installed, it's not used by default. Instead you gotta create an alias

Re:

[ulzeraj]

It uses ksh, not bash. Alternatively, if you like shell functionality "set -o vi" it will blow your mind.

Re:

[Anonymous Coward]

1: Can't help ignorance, you probably forgot to set something as bootable. I've done it myself.
2: I agree, but OpenBSD supports so many different architectures that it makes sense that they do nothing out of the box.
3: vi is not vim. Of course installing vim doesn't replace vi.The vi included with OBSD is OBSD's vi.
4: You also have to install openssh server on any linux before people can log in. You don't have to jump through hoops to let people log in, you do however need to make sure people are in the rig

Re:

[Anonymous Coward]

Some things that annoyed the hell out of me:

1. First install it wouldn't boot. Seems it didn't save the partitions correctly, so tried again. This time it booted.

2. Home and end keys don't send you to the end or beginning of the command line you're on. Mac also does this. It annoys the hell out of me. One thing windows and linux got right.

3. It comes with vi by default but trying to install vim was a hassle. And once you get it installed, it's not used by default. Instead you gotta create an alias on your shell login script. But even then I could not get that working. On linux, when you install vim, it replaces vi. If I use the command vi after I install vim, it'll use vim. On bsd it keeps both, leading to frustrations.

4. You need to install openssh server after and then go through hoops to allow users to login.

This really did remind me of linux back in 1995. It's archaic and you must remember work arounds. How hard is it to make these modifications be part of the standard install? Why weren't they done a long time ago? I'm sure if you started making stuff as "easy" as linux, you'll attract more users. But from trying it myself, I can see why it's used by so many few people.

Whine #1 You screwed it up. Don't blame OBSD. You could have read the install documentation prior to attempting an installation. They are on the web site.

Whine #2 If this makes your top 5 pet peeves, OBSD must be really great. You could fix the keyboard issue if you were to read the manuals. Is that a problem for you?

Whine #3 Have you considered that OBSD is multiuser? Maybe others will want to use original vi. You consider yourself competent to critique a Unix based OS and yet you are unable to

Re:

[Noitatsidem]

If not, please don't start now.

Exactly what OpenBSD needs, less users!

Now, With Extra Theo!

[Jeremiah Cornelius]

He's "De Raadtical"!

That's why I use it! No one can piss all over a party on the listserv like Theo!

Re:

[Anne Thwacks]

And this is completely unconnected with the fact that security is a problem on the internet?

Disclaimer: I use OpenBSD for hosting mission critical financially sensitive servers.

Re:

[Gordonjcp]

Disclaimer: I use OpenBSD for hosting mission critical financially sensitive servers.

Really? I'd use something more secure.

Oh, I know Theo likes to keep telling everyone how secure OpenBSD is, but every time anyone does discover an exploit in it he's quick to point out some ingenious way in which it doesn't really count. He's like that one kid that everyone knew at school who would just not accept that he was "it" when you were playing tag - always some bullshit made-up-on-the-spot rule why tagging him didn't count.

Don't be that kid. That kid is a dick.

Re:BSD Isn't Relevant Anymore

[Moridineas]

Poettering:
"You're not welcome to complain if it's free"

On how the speaker got feedback from various mailing lists/communities:
Poettering: "You didn't ask the right people...next time just ask me, thank you very much."

Poettering:
"I'm sorry your mindset from the 1970s unix is not up-to-date anymore...*booos*...I see, lots of UNIX lovers here...*cheers*

Speaker:
(after talking about hald)
Poettering: "Ok, hald has been deprecated for 2 years, not my fault people still use it."
speaker: Yes, but it's got these limitations, we should get rid of it, do you agree
Poettering: No, when we designed it it was great, it did all these things that could never be done before
speaker: but it never worked
Poettering: you're doing it wrong, it worked great.

The guy interrupted the speaker for the entire talk and then got up and stage after him and took the mic. What an asshole. Completely regardless of whether or not you disagree with the speaker, it's just plain rude to interrupt a talk like that.

Re:

[rlillard]

What a stupid way to count users.

Re:Not to be outdone...

[Anonymous Coward]

OpenBSD 5.0 will be released in November.
Twice a year releases mean that we knew this back in 1996.
And 5.0 will be just as much a major release as 4.9 was.