
OpenBSD 5.0 Unleashed On the World

Posted by timothy
from the sir-this-encryption-appears-nearly-unbreakable dept.
First time accepted submitter tearmeapart writes "A new version of the operating system that most of us would love to love, but probably hardly ever directly use, has been released. As scheduled, release 5.0 brings support for more hardware, network improvements, and OpenSSH 5.9. The links: changelog; download; main 5.0 page; and how to order your OpenBSD products!"
  • by seandiggity (992657) on Tuesday November 01, 2011 @11:24AM (#37908892) Homepage
    ...no but srsly, OpenBSD is not actually a giant blowfish out to destroy our cities.
    • by daid303 (843777)

      ...no but srsly, OpenBSD is not actually a giant blowfish out to destroy our cities.

      Which would be more exciting than an OpenBSD release. I for one, welcome our new blowfish overlords.

    • by ByOhTek (1181381)

      Of course, it is to protect us from the space hackers trying to invade our networks!

      It is a friendly (to us) giant blowfish!

      I once was at a job interview, and they asked if I had any experience with "the OpenBSD variant of Linux".
      I was silent for a moment trying to gain my composure, and then said "... Well, it isn't actually a variant of Linux. It's derived from the original Unix work that Berkeley did in conjunction with Bell Labs, and not Linus Torvalds independently written Kernel."

      Needless to say, I didn't g

      • Re: (Score:3, Funny)

        by Moridineas (213502)

        Well, no wonder--you didn't use a possessive apostrophe after Linus Torvalds! Amateur mistake...

      • by tqk (413719)

        Needless to say, I didn't want that job.

        FTFY. "Ah, a smartass know-it-all, eh?" It's always best to avoid managers who're easily intimidated by competence.

      • by perpenso (1613749)

        Needless to say, I didn't get a job.

        Somewhere in the conversation did you answer the question as to whether or not you had OpenBSD experience? :-)

        • You will never get hired, wearing a ComiCon T-shirt, and opening your sentences by saying: "Actually,..."

          • by perpenso (1613749)

            You will never get hired, wearing a ComiCon T-shirt, and opening your sentences by saying: "Actually,..."

            Actually :-), I got a job because when the interviewing manager asked how the programming test I had just taken went I told him how poor a test it was. He was very interested in my opinions regarding the matter. One of the first things I was assigned to do once hired was to create a new test. The manager was a business guy and knew nothing about programming but he understood rational arguments when he heard them.

            Of course maybe I was hired because I wore a suit and tie for the interview.

      • by tehcyder (746570)

        Needless to say, I didn't get a job.

        I imagine many of your job interview stories have the same punchline.

        • by ByOhTek (1181381)

          a bit over 50%. A bit under if you count the job offers I've turned down as "successes".

          I've actually had better luck than most on interviewing for positions.

  • obligatory (Score:5, Informative)

    by nimbius (983462) on Tuesday November 01, 2011 @11:24AM (#37908898) Homepage
    link to the 5.0 song, art and lyrics.
    http://www.openbsd.org/lyrics.html#50 [openbsd.org]
    it is recommended best practice to play the correct release song while upgrading your openbsd.
  • I remember trying to install this back in the 3.0 days, being thwarted by the fact that one of the authors of the software owned the copyright on the OS in ISO disc format, effectively making it impossible to get a version to install without paying him. After a few failed days of missing this or that file, and corrupt BitTorrent copies, I gave up, went back to FreeBSD (at the time).

    • Re:Install media? (Score:4, Informative)

      by Richard_at_work (517087) <richardprice AT gmail DOT com> on Tuesday November 01, 2011 @11:32AM (#37908972)

      Not been the case for years, you can download the "install50.iso" image from the mirrors right now.

      http://www.openbsd.org/ftp.html [openbsd.org]

      Example:

      http://mirror.bytemark.co.uk/pub/OpenBSD/5.0/i386/install50.iso [bytemark.co.uk]

      • by raydobbs (99133)

        Sounds like something I might have to give a try then. The 'I own the copyright on the ISO image, so you have to pay me to get an installable copy' stuff was bullshit, to be honest.

        • Re: (Score:3, Informative)

          It was one of their main fundraising abilities - and to be quite honest, they never stopped other people putting together slightly different ISO layouts and going with those. Plus it was trivial to do an install from the tgz themselves.

          • by X0563511 (793323)

            Perhaps I'm missing something, but how are you supposed to boot from compressed tarballs?

            • You make a floppy bootdisk, which were always available, and do a network install?
              • by X0563511 (793323)

                It's 2011, almost 2012, and we're expected to use floppies? You seriously don't see anything wrong with this idea?

                Now, the last time I had to dig in the mirrors looking for media, I didn't know how to do PXE. Was there / is there PXE-bootable "media" available?

            • use a Forth bios assuming that it has a LOAD verb and usb support.
              write a UNTAR verb and an UNZIP verb
              put the floppy
              A:/image.tgz
              LOAD.
              UNTAR.
              UNZIP.
              EXECUTE '.

              see that was easy as pie ;)

              • by X0563511 (793323)

                Use a what BIOS? And floppy, really? It's 2011, almost 2012.

                Not being able to burn an .ISO and boot from it is and was, well, stupid. I'm glad you can actually download ISOs now.

      • Does anybody know if there are pre-built VMware appliances with the new OpenBSD and VMware tools on them? Or will I need to do that from scratch?

    • by tlhIngan (30335)

      I think they offer a free "net install" CD, and many others have put together offline install versions.

      But yeah, that's the OpenBSD way - they sell the One True Install media to ensure you're getting a pristine copy and not something potentially hacked up with hidden vulnerabilities and such. After all, OpenBSD is about security - and having a way to distribute unmodified CDs is quite hard.

      If you're testing, fine, netinstall or "unofficial offline install" CDs and DVDs work. But if you're wanting a secure i

      • No, they do it that way to have money and operating funds. It has nothing to do with a pristine copy. The checksums are all online. As another poster mentioned, the full install ISOs are now freely available (and have been for some years), in addition to the net install ISOs.
      • by Raenex (947668)

        But yeah, that's the OpenBSD way - they sell the One True Install media to ensure you're getting a pristine copy and not something potentially hacked up with hidden vulnerabilities and such.

        They're just trying to extract money.

        and having a way to distribute unmodified CDs is quite hard

        No it isn't. All you need is a secure checksum for the image.

    • I don't get this "burn to CD". Who cares? I rarely, if ever, do that. Just use PXE and be done with it. All Linuxes and all BSDs, I know of, allow that easily. Apparently even Windows XP could be installed over PXE, but it was a series of hacks and not easy. I don't know about the more modern Windows versions.
    • I remember trying to install this back in the 3.0 days, being thwarted by the fact that one of the authors of the software owned the copyright on the OS in ISO disc format, effectively making it impossible to get a version to install without paying him. After a few failed days of missing this or that file, and corrupt BitTorrent copies, I gave up, went back to FreeBSD (at the time).

      OpenBSD always had a simple free install if you had a network connection. There were free bootable images available for download. You boot from one of these and it downloads components as needed during the install. The only thing you had to pay for was a CD that contained all components and could do an install *without* a network connection. At least for the current release, the full CD images for previous releases were available for download.

    • This is how you install Openbsd [openbsd.org]. You can download a small iso for your usb/cd, and that will download anything needed thru the net.

      Back in the version 3 days, you needed only a floppy or two to start such an install, nowadays is the same, but ppl mostly use usb sticks now (the floppy image still exists).

      Going for randomly made iso images on bittorrent was a very stupid idea. The only reason i could see someone needing a whole iso is if they lack connectivity.

      You can compare this install method to Debian neti [debian.org]

      • by tqk (413719)

        The only reason i could see someone needing a whole iso is if they lack connectivity.

        If you're doing multiple installs, it'd be a lot nicer for their servers if you're not slurping down a fresh copy for every install.

        • The only reason i could see someone needing a whole iso is if they lack connectivity.

          If you're doing multiple installs, it'd be a lot nicer for their servers if you're not slurping down a fresh copy for every install.

          A lot of times for multiple installs you only install it on to one machine, and then image that computer. After that you just put that image on the other computers that you need it installed on. That way is often easier too since you don't need to reconfigure anything.

    • by afabbro (33948)

      You misunderstood.

      You have always been able to download an .ISO, install OpenBSD over the net, etc. Although I give money to the OpenBSD guys, I have always just downloaded an .ISO from openbsd.org and installed with it.

      You can get all the packages, ports, sources, binaries - everything - over the net.

      Now, they do sell ISOs that have all the packages on them. If you want that, yes, you do have to pay it. That is explicitly stated as a fundraising method for the project. It wasn't "one of the authors" -

  • It's Linux, direct from 2005!

    • by AdamJS (2466928) on Tuesday November 01, 2011 @11:40AM (#37909044)
      So it's not corrupted by the utter crap that is Gnome 3 and Unity? SIGN ME UP.
      • by cachimaster (127194) on Tuesday November 01, 2011 @11:47AM (#37909114)

        It is crazy to think that shipping gnome 2.32, OpenBSD 5.0 has become much more desktop-friendly than Ubuntu.

        • by Compaqt (1758360)

          It's the "downgrade to upgrade" meme all over again. We saw it all the time with /. posters talking about "upgrading to XP" from Vista.

          Now it's playing out with Linux.

      • by Medievalist (16032) on Tuesday November 01, 2011 @11:52AM (#37909168)

        It's Linux, direct from 2005!

        So it's not corrupted by the utter crap that is Gnome 3 and Unity? SIGN ME UP.

        I can't decide whether to mod you "funny", "insightful", "flamebait", or "sad".

        Maybe we need an "all of the above" category.

        • by AdamJS (2466928)
          If it makes you feel any better I'm using Lubuntu, Xubuntu, CentOS and various Windows installs in VMs between work and home. Just calling a spade, a spade.
          • Oh, I wasn't disagreeing.

            I don't think I've ever seen OpenBSD with a GUI installed in the real world. I usually see it in DNS/DHCP and firewall roles... deep infrastructure for highly secure nets.

      • From the Distrowatch site, looks like the list of desktops supported by BSD include AfterStep, Blackbox, Enlightenment, Fluxbox, GNOME, IceWM, KDE, Openbox, WMaker, Xfce. And as CarsonChittom pointed out below, it's offering 2 choices of KDE - 3.5.10 and 4.4.5. Chances are that when their Gnome 3.2 is ready, it'll be offered alongside 2.32. My favorite aspect - it offers both AfterStep & WindowMaker - two GNUSTEP based DEs.

        As an aside, even Firefox 3.5.19 and 3.6.18 are included. As well as version

        • Driver support is usually better than any other OS, IME.

          As others have commented, the graphics drivers are an exception, and may be a bit behind the curve. I don't know, cos all my OBSD machines are headless.

        • by timbo234 (833667)

          "Linux distros would do well to do what the BSDs do - offer a wide choice of desktops, so that everyone can pick their own w/ minimum heartburn."

          They already do, have a look at Opensuse for example. Even in Ubuntu your favourite DE is only a package install away.

    • Some [slashdot.org] people [ibiblio.org] don't even like Gnome 3.
    • It's Linux, direct from 2005!

      It's not Linux. It's not even related to Linux. It's a completely different UNIX-like operating system. I'm pretty sure you knew that already, but I thought I'd mention it just in case.

      Both KDE 3.5.10 (the last in the 3-series, released August 26, 2008 [kde.org]) and 4.4.5 (released June 30, 2010 [kde.org]) are in the -stable ports tree (i.e., available in OpenBSD 5.0). The default GNOME version is 2.32; the release announcement [gnome.org] doesn't give a date, but I think is about a year old. Support for GNOME 3 is being tested in b

    • by makomk (752139)

      I think later versions of Gnome are basically Linux-only, with a lot of desktop functionality being tied to low-level parts of Linux.

  • I get to rebuild my firewall from source yet again.

    • I get to rebuild my firewall from source yet again.

      What, are you running Gentoo on your firewall? This is an OpenBSD release: binaries are available from the mirrors. The OpenBSD developers don't provide binary updates for errata, and maybe they should, but your comment is simply invalid for a release.

      Though I feel sure they wouldn't turn down your offer of help to provide binary updates.

      • by Hatta (162192)

        Fair enough. I forget, because I generally follow CURRENT. It's hard to know what's best with OpenBSD. Check out this bit from the FAQ:

        In fact, as our hope is to continually improve OpenBSD, the goal is that -current should be more reliable, more secure, and of course, have greater features than -stable. Put bluntly, the "best" version of OpenBSD is -current.

        Most users should be running either -stable or -release.

        If I want the best version of OpenBSD I have to run CURRENT, which means I have to rebuild

        • Someday I'll just switch over to pfsense.

          C'mon in, the water's warm. pfSense 2.0 is an excellent improvement over 1.2.3, which I thought was pretty grand itself. You might wait for 2.1, though, if you're in no rush, as it will have some new infrastructure and better IPv6 support.

          Great dev. team and community, and they're finally starting to push most of their BSD patches upstream.

          • by fialar (1545)

            pfSense is based on the pf in OpenBSD 4.5. OpenBSD 5.0's pf is greatly improved.
            There has been a lot of work going into getting an updated pf into FreeBSD, but they're only able to get the PF from OpenBSD 4.5 into 9.0-CURRENT (which is what pfSense 2.1 uses).

            I run OpenBSD on my firewall and I mainly run -CURRENT from snapshots and I've never had any problems. -CURRENT rarely breaks.

            • but they're only able to get the PF from OpenBSD 4.5 into 9.0-CURRENT (which is what pfSense 2.1 uses).

              It looks like the big news is IPv6 packet fragment reassembly and ACK prioritization, which would have been really useful to have if pfSense 2.1 is supposed to be 'the' IPv6 release.

              I see some groundwork for future traffic shaping features - what else did I miss?

        • Just install from snapshots every few weeks.
  • My server runs OpenBSD. It has a really good firewall, and it's absurdly secure. I'm not enough of a masochist to run it on a desktop but if you configure it properly it makes an excellent server OS.
    • You should... you aren't forced to use GNOME or KDE (I use scrotwm), and I can run gimp, vlc, mplayer, libreoffice (or openoffice.org, because choice=freedom). Most all of the software you use is available on OpenBSD, and if not, the ports system is pretty easy to use to create software ports and packages in OpenBSD.

      plus, as long as you do your homework before posting something to the list, you'll generally get some great people to help you...

  • by kriston (7886)

    OpenBSD is only perceptually secure. There is no unbiased audit process. There is no verification by a third party. There's just narcissism. The only reasons we think OpenBSD is secure are:

    1) OpenBSD supporters said so.

    2) Few people who say they use OpenBSD actually use OpenBSD. As a result, few security holes are found and published.

    Please prove this wrong. All I'm seeing are various forms of cognitive distortion and fallacies when people try to prove to me that OpenBSD is truly more secure.

    • by Ptolom (2191478)
      It's quite tricky to prove you wrong, but easy to prove you right. (if you are right) Just find a remote exploit or two.
    • by hedwards (940851)

      You're wrong, because of the claims and the track record, finding a vulnerability in the base install is a great way to make a name for oneself as a security researcher. In the last decade only one has been found. Which is pretty damn impressive by any standard.

      Probably the only better way of ensuring that level of security would be paying out a million dollars for such an exploit.

    • by MikeBabcock (65886) <mtb-slashdot@mikebabcock.ca> on Tuesday November 01, 2011 @12:40PM (#37909840) Homepage Journal

      If its security is important to you, you're fully capable of funding your own audit from a third party, either solo or as a group effort. Put together a requirements list, find out a price, and start asking others to chip in until you can afford it.

      You're also free to Google for "OpenBSD exploit" and look at all the (very few) results for actual remote exploits.

      OpenBSD has always had much more intelligent (secure) default settings for its installed services and packages than Linux or Windows, but I don't administer any OpenBSD boxes regularly myself because it's a bit of a pain for day to day patches and updates compared to Linux. There's a trade-off to be made between security and hours available in the week.

    • by Anonymous Coward

      ...did you use SSH today?

    • by Uberbah (647458) on Tuesday November 01, 2011 @01:18PM (#37910274)

      The only reasons we think OpenBSD is secure are:

      1) OpenBSD supporters said so.

      So we should all realize that OpenBSD is overrated. Because you said so.

      • by LWATCDR (28044)

        Actually yes you should.
        He did not say that it wasn't secure, he said that it wasn't provably secure. They say they are secure but there has been no third party testing or auditing of the code so it all comes down to "We are secure because we say so."

        OpenBSD does have a very good track record but that could be in part luck or just that they are a small target. It could also mean that it is that secure but without a security audit by a third party it is all just taking the developers' word for it.

        • by iggymanz (596061)

          A small target? Their security wares (including openssh and openssl) are used by almost all the Unix, BSD, Linux, and by major companies (cisco, juniper, HP, etc.). That makes some of the wares of the OpenBSD team a HUGE target. Now where will you find the most secure implementation of those wares in an operating system?

          • by LWATCDR (28044)

            So?
            First OpenSSL are a separate project.
            Second there is more to an OS than SSH and SSL.
            Third do you know what provably means? Until you have a formal 3rd party code audit it isn't provably secure. It could be the most secure OS on the planet but it is that provable part that OpenBSD is lacking. If OpenBSD had good support for ZFS I would be tempted to use it on a NAS because it does have such a good track record.

            • I was referring to the OpenSSH and OpenSSL implementations that the OpenBSD team developed from scratch.

              • by LWATCDR (28044)

                Remove one and renumber the rest then. WRONG!!!! Still not provably secure.

                • by iggymanz (596061)

                  Yes, "real world" provably secure rather than your "ivory tower knothead" secure. The thing has stood the attacks of the wild, and has the admiration and use of experts in the field. The kind of audit and certification you are talking about means nothing, suppose the pathological liars of Gartner commissioned some agenda-driven study.....

                  • by LWATCDR (28044)

                    Real world provable?
                    Dude get your panties out of a twist. I never said that OpenBSD was terrible or that its security sucked. Heck if it supported XFS well, I would be tempted to use it for a SAN or NAS because it has such a good track record.
                    Mindless fandom like you exhibit is unprofessional and frankly hurts the reputation of OpenBSD.
                    I am sure that the OpenBSD team would love to have someone pay for a third party security audit of their code. I can understand that it is expensive and they do not have the

    • Well, at least the OpenBSD guys admit on their _own_ homepage the last time they were vulnerable. What other OS manufacturer does that at _all_ ??

      I appreciate the honesty and public disclosure -- not trying to sweep it under the rug like almost every OS does.

    • Since Halloween was yesterday:

      Kriston, if there are no candies at the store, the store has no candies for sale. That's not to say there couldn't be any candies left in a drawer by accident, but, no one knows if they exist, hence the above still holds true: the store has no candies for sale. There is no need for an external audit, because, even if you found some candies in a drawer as a result of the audit, the store still had no candies for sale at the time when they claimed they didn't have candies for
    • by epine (68316)

      Please prove this wrong.

      Why? So that you can stand there raising and lowering the bar with your brain on dial-tone while everyone else does the heavy lifting?

      I'm sure it costs tens of millions of dollars to prove that any system is secure, and the proof won't even be correct. Does OpenBSD say "provably secure" on its web site? I didn't think so.

      You want proof? You can't afford the proof!

      In the real world, this is actually a matter of judgement and prudence. Your assertion that no-one tries to attack

    • Then why does the OpenBSD team have recognized leadership in the security industry, their wares are part of major OS such as HP/UX, Sun Solaris, sgi IRIX, and in products such as certain models of Cisco and Juniper routers and HP Procurve switches?

    • by Chrisq (894406)

      Please prove this wrong.

      Right, just after you prove that there isn't an invisible pink unicorn sitting on my monitor.

  • I keep wanting to try one of the BSDs out on a preliminary basis to see how it compares to Linux, but honestly every one of them has irked me from the point of installation. I've tried FreeBSD, OpenBSD, and PC-BSD.

    The former two were somewhat cryptic to me, despite 10 years of Linux experience. I've done everything from manage servers to develop for embedded systems, and I always managed to figure things out. But FreeBSD, for example, gives me this somewhat counter-intuitive menu to go through, most of w

    • by the_B0fh (208483)

      And what the fuck does anything you said have to do with OpenBSD?

      Hint: OpenBSD is NOT Linux. It's *UNIX* so you have to understand slices.

    • by iggymanz (596061)

      How strange, OpenBSD even gives you option of automatic disk partition layout, they'll do it for you! On a DHCP network with typical desktop PC you could take defaults all the way except for providing root password and any username/password you want through the install, and have a bootable system in less than ten minutes. It's faster than installing typical GNU/Linux or Unix, that's for sure.

  • Any benchmarks with ZFS yet?

    • by iggymanz (596061)

      yes, Oracle still refuses to put a decent license on their wares. So once again they fail the OpenBSD team's benchmark
