Forgot your password?
Operating Systems Security Unix Upgrades BSD

OpenBSD 5.3 Released 109

Posted by Unknown Lamer
from the time-to-dump-core dept.
An anonymous reader writes "Today, OpenBSD 5.3 has been released. It has many improvements, updates, and new stuff. Also, OpenSMTPD 5.3 is included. This is the first version of OpenSMTPD considered to be ready for production. Many pre-built packages are available for many architectures. OpenBSD 5.3 ships with various Desktop Environments, including Gnome 3.6, KDE 3.5, and XFCE 4.10." And don't forget the release song, "Blade Swimmer."
This discussion has been archived. No new comments can be posted.

OpenBSD 5.3 Released

Comments Filter:
  • OpenBSD is very cool (Score:5, Interesting)

    by Anonymous Coward on Wednesday May 01, 2013 @11:33AM (#43600903)

    OpenBSD is very cool. It's amazing what Theo and team have done over the years, and sadly, they don't get the cred they so richly deserve: OpenSSH, OpenBGP, pf, etc., and an awesome operating system that just works out of the box.

    I'm very surprised more has not been done with OpenBSD. If I ran a company of any kind, it would be OpenBSD on the servers and Linux on the desktop. I would trust nothing else on my servers. I've worked with OpenBSD professionally and it's a joy to use an easy, well-documented system.

    Kudos to you, Theo!

  • by Anonymous Coward on Wednesday May 01, 2013 @04:58PM (#43604089)

    You're right! Their code quality is over-hyped. OpenBSD code isn't appreciably better than experienced Linux and GNU developers, although they do favor portability more than most.

    What sets OpenBSD apart is a reluctance to write a shit ton of new code, and to inflict it on the world. Great developers write buggy code on occasion; developers with an eye to security and reliability choose to write less code.

    Just about _any_ Linux box could be easily rooted from the shell because there's so much code churn in the kernel and elsewhere. Linux security is no better than Windows at this point (and all the policy won't save you when the kernel is buggy). However, I would be cautiously optimistic that a stock OpenBSD box could resist being rooted from the shell.

  • by Anonymous Coward on Wednesday May 01, 2013 @08:04PM (#43605455)

    There is some truth to what you say. However, as an experienced IT security guy, one thing that makes OpenBSD "better" than Linux out of the box is its simplicity. Complexity is the enemy of security. And, more importantly, you did allude to the fact that security is a process, not a product. If I get root on anything, I own the box. Secret is to not allow this remotely. Use SSH keys, not SSH passwords for access. Use Radius, Kerberos, and others as a defense-in-depth measure, not just SSH. SSH alone might be fine for an at-home server, but in the real world, it's not.

    OpenBSD has better than Linux security out of the box because they do keep it simple. Theo and team understand that complexity is the enemy of security, and the tenets of UNIX also dictate that things be kept simple, that a program should do one thing and one thing well. Pipes exist to make complex commands and shell scripts to automate.

    OpenBSD is still a breath of fresh air in regard to code audits. While their code may not be the best, it's the most audited of any OS I'm familiar with, and it generally just works with little trouble.

    OpenBSD: not for everyone, but for those discriminating enough to want a very solid base from which to build certain services-based servers and gateways/firewalls.

Save a little money each month and at the end of the year you'll be surprised at how little you have. -- Ernest Haskins