OpenBSD 3.2 Available 331
fredrikv writes "Right on time, the files defining OpenBSD 3.2 have moved away from "snapshots" to the 3.2 directory of the OpenBSD mirrors. It is well known as the world's most secure operating system and now sports chroot'd Apache, fewer suid binaries, cool pictures for xdm-logins, a brilliant "antispoof" packet filtering rule and as usual includes lots of small updates and fixes. The files are there. What are you waiting for?"
FreeBSD (Score:2, Interesting)
Re:FreeBSD (Score:5, Informative)
Re:FreeBSD (Score:4, Informative)
Re:FreeBSD (Score:3, Insightful)
Nah, stick to FreeBSD for your desktop. OpenBSD might be secure and great for firewalls, bastion-hosts, but for a large multiple CPU server box, I rather use FreeBSD, Linux or Solaris.
Re:FreeBSD (Score:5, Informative)
OpenBSD has less 'nice' functionality, slightly less performance tuning, and no SMP support.
On the other hand it has an extremely well-audited source tree (by largely the same developers as OpenSSH), SoftUpdates, the new systrace work, an excellent brand new packetfilter that has yet to fail to impress from either a security or speed standpoint . .
OpenBSD isn't really so much the most secure OS in the world as it is in many situations the most secure OS on the x86. For most of us around here, that's probably close enough as makes no odds.
The last release (in a bug that affected the prior release as well) had an OpenSSH issue in the default installation that became the first remote compromise for the default installation in nearly 5 years of the operating system. Admittedly, most things are turned off by default (although I wish a few more - portmap, inetd). Because of this and a few other errata, 3.2 has been looked forward to for a long time.
To sum, you have a stripped-down no-nonsense OS with all of the unnecessary crap tossed out of the default installation and available as ports and packages to those that want it. The perfect OS for those who want a secure router, and/or single/few-function server. This isn't an appropriate choice if you need more than a commandline, really, and there's a fair amount of pride amongst the user community over that.
Re:FreeBSD (Score:2, Informative)
FreeBSD has softupdates too.
Admittedly, most things are turned off by default (although I wish a few more - portmap, inetd)
portmap is turned off by default in OpenBSD 3.2.
The perfect OS for those who want a secure router, and/or single/few-function server.
my OpenBSD workstation runs the same apps i need to work as my linux workstation does, and that is quite a few apps, yes i do real work.
This isn't an appropriate choice if you need more than a commandline, really,
X works fine in OpenBSD and i bet most users who use OpenBSD use X on OpenBSD desktops and commandline on *all* their Unix servers, regardless of flavour (why should a dedicated webserver/firewall/database need X running?).
OpenBSD use. (Score:2, Informative)
It has been over two years (since 2.7, actually) since OpenBSD sucked me in with its simplicity, security and *good* documentation.
In that time I have never started Xwindows on an OpenBSD machine. There is no need.
OpenBSD has been a solid firewall, router, bridge, MX, DNS server, NIS, NFS, Web, SSH/SCP/SFTP machine with nary a GUI to be seen.
With 3.2 they have finally done superb work with locking down services. This is even extended to services that are not on by default, such as apache. They have also gotten right of that annoying
Platforms (Score:2)
Part of the difference with OpenBSD is that it runs on way more platforms than FreeBSD does. It's not as many as NetBSD (its parent) but it's a lot closer to NetBSD than FreeBSD.
What Am I Waiting For? (Score:5, Funny)
Re:What Am I Waiting For? (Score:4, Funny)
6 months (Score:2, Informative)
Every 6 months there is an OpenBSD release.
Every time they add
It is a simple as that.
Well .. (Score:5, Funny)
5:30pm, 8 pints of lager, one dodgy kebab and a chance to yet again make a piss poor attempt to chat the attractive barmaid up.
Well you did ask!
Re:Well .. (Score:5, Funny)
barmaids get slashdotted by drunk guys every night. i recommend you search your neighbourhood for a mirror so you can have all the bandwidth to yourself.
Re:Well .. (Score:4, Funny)
Surely this would only work if you were a hopeless narcissist.
Re:Well .. (Score:2)
I'm waiting (Score:2, Funny)
What are you waiting for?
Ummm... a Linux port?
Re:I'm waiting (Score:4, Informative)
Where are the background pictures? (Score:2)
Someone to provide a direct link to the xdm backgrounds so I can use them on my Linux systems.
Actually, I didn't wait and started trawling through their FTP archive looking for them before deciding that was a) selfish and b) stupid. At least I had enough sense not to download XFree hoping they were in there and not in a separate artwork package...
Re:Where are the background pictures? (Score:2)
Re:Where are the background pictures? (Score:2)
It's good, but not that good (Score:4, Insightful)
Whoa, partner. Sure OpenBSD is designed with security in mind, and as far as the BSDs go (which are generally pretty secure in their own right), it's probably the tightest. But it's quite a leap to say that OpenBSD is the most secure operating system in the entire world.
I don't know which OS would get that "award". But I'd have to believe that it'd be something obscure like a tiny, embedded, OS the NSA uses in their crypto equipment or some such.
Re:It's good, but not that good (Score:2)
An embedded OS, especially if it has no networking, sure. For general purpose operating system that actually communicate with the outside world, my vote would have to be OpenVMS. So secure it makes even OpenBSD look as leaky as cheesecloth... (Buffer overflow exploits? No such thing in VMS.)
Re:It's good, but not that good (Score:4, Insightful)
Otherwise, I tend to agree, but OpenVMS is bi*ch to configure.
Re:It's good, but not that good (Score:2)
Re:It's good, but not that good (Score:3, Insightful)
Ok, so you believe, programs are absolutely immune against buffer overflow exploits on OpenVMS?
Then I'll show you a simple example of a buffer overflow exploit on OpenVMS/Alpha.
---
The victim program compares a user-supplied password with a password stored inside a file.
I wasn't able to include the source code, because I always get errors like "Your comment has too few characters per line (currently 24.5)." if I do.
Email me, if you'd like to get the complete source code, and I'll send it back to you.
$ cc vmshackme.c;1
strcpy(l_input, input);
%CC-I-IMPLICITFUNC, In this statement, the identifier "strcpy" is implicitly declared as a function.
at line number 66 in file $DKA100:[USERS.OCTOGEN]VMSHACKME.C;1
if (strncmp(l_input, l_pass, _max_pwd_len) == 0)
%CC-I-IMPLICITFUNC, In this statement, the identifier "strncmp" is implicitly declared as a function.
at line number 68 in file $DKA100:[USERS.OCTOGEN]VMSHACKME.C;1
$ link vmshackme.obj;1
$ type pass.pwd;1
openvms
$ run vmshackme
openvms
Password correct
$ run vmshackme
os400
Wrong password, try again.
$
-----
The program works, as you can see.
Now I'll type in a bit too much:
$ run vmshackme
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
Pas
$
-----
What I'm exploiting here is nothing else than a simple example of a buffer overflow.
Even if you can't execute arbitrary code (and I'm quite sure you can do that, too!), you can still damage data structures, data pointers, numeric values like buffer offsets and many other things - so there are a lot of possibilities left for exploiting a buffer overflow vulnerability.
AS/400s have hardware protection for system pointers, so they are even more secure than OpenVMS. But even on AS/400s you can still damage space pointers, and I'm quite sure, this example program would even work on an AS/400.
It might not be possible to execute arbitrary code on an AS/400, but you can still damage many things by exploiting buffer overflows.
---
regards,
octogen
Re:It's good, but not that good (Score:2)
Re:It's good, but not that good (Score:3, Informative)
VMS is architected such that overflowing data cannot be executed (i.e. doesn't get passed along to the shell). As far as the kernel level code itself is concerned, overflows don't occur in the first place due to the universal use of descriptors to pass data to system-level calls.
The complete OpenVMS doc set is available on the web from a link at http://www.openvms.compaq.com [compaq.com]. There are also several good books on OpenVMS internals, with links to info on them available at the same place.
Re:It's good, but not that good (Score:3, Insightful)
The same is true for Solaris/SPARC, if you configure it correctly.
You don't need to execute overflowing data, it can even be enough only to change a function pointer, and the program would run some code which was already there before the overflow occurred.
This code would be executable, because it's simply a part of the running program or of a library used by the running program.
Just changing some piece of data which gets passed to a system call can also be enough to break security.
From a technical point of view, applications on OpenVMS are just as vulnerable to buffer overflow exploits as applications on Solaris/SPARC (with noexec_user_stack set to 1).
On both OSs you can't execute overflowing data.
But on both OSs you can (sometimes) circumvent this sort of protection.
Re:It's good, but not that good (Score:2)
Reference please? I remember mention a few weeks ago of a flaw related to the pop3 executable being installed with too many privs, giving anyone who executes it from the command line the option to willy-nilly overwrite any file with its log file. Config issue. Not a buffer overflow exploit.
Re:It's good, but not that good (Score:2)
Most Secure OS (Score:5, Interesting)
Re:Most Secure OS (Score:2)
Re:Most Secure OS (Score:2)
That depends on what you mean by most secure. For me it's very important how fast they fix the bugs. And remote holes are much more important than local ones (I don't have local users I don't trust).
-jfedor
Re:Most Secure OS (Score:2, Insightful)
you have users you can trust? god, do i want your job.
my users can't be trusted to follow the simplest directions. EVERYTHING better be automatic and iron-clad or they will find a way to break it.
Re:Most Secure OS (Score:2, Informative)
"Most of the known software vulnerabilities announced in 2002 affected Microsoft Windows (44%) followed by Linux (19%), BSD (9%) and Sun Solaris (7%). By comparison only 0.5% of the vulnerabilities announced in 2002 affected SCO Unix, and 1.9% affected Mac OS and Compaq Tru64 systems respectively."
It might be that no one is noticing mac or BSD flaws beacuse many fewer people care. A straight line weighting doesn't make sense either. We should expect a diminishing marginal return on eyeballs. The point is that this overstates Linux and Windows bugs and understates the others(actually I don't know usage rates on Linux but I assume it is the third most used OS.)
Re:Most Secure OS (Score:3, Interesting)
The above uses attacks per overall attacks as the rating for the OS. What should be done is OS specific attacks per installed machines running the particular OS.
MA -- machine attacks
TA -- total attacks
MI -- machines installed
TI -- total installed
The article gives MA/TA, but we want MA/MI. MA/MI gives the vulnerability of a particular OS seperated from the quantity of attacks. I don't know the total number of installed computers, but say it's 10,000,000. Then the MA/MI for Mac's is:
10,000,000 * 0.03 = 300,000
31/300,000 = 0.000103
So about 0.0103%. By contract look at the Windows numbers. Suppose Windows has 75% market share.
10,000,000 * 0.75 = 7,500,000
31,431/7,500,000 = 0.0041908
So about 0.41908%. These numbers show what percentage of installed machines will be affected instead of what portion of all attacks they represent. Another way to think about it is say you have 1 machine running CrappyOS and that machine is attacked. It will only represent 1/57,978 hacks performed in 2002. By contrast MA/MI will be 100%, meaning that every single machine running CrappyOS was hacked.
Numbers don't lie, people do.
Re:It's good, but not that good (Score:4, Informative)
Y'know how OpenBSD used to brag about "X years without a remote root exploit in the default install"? These days, it's NetBSD that carries the "longest since remote root in default" banner, and they'll continue to have it (though they're a bit to understated to brag about it) until OpenBSD turns off incoming SSH and RPC.
Think that's a silly argument? Check your nearest OpenBSD box. Is it running RPC? Does it need to be? Isn't "turn off unnecessary services" one of the fundamentals of securing a box?
security (Score:2, Insightful)
That is true.. if you do a default installation and make absolutely no change to any of the services that come installed with it.. that's why it was secure for 4 something years.. but they didn't mention that if you had an old BIND version at the time it would still be "secure"
Re:security (Score:5, Insightful)
It's pretty common to run a few releases back on important and complex daemons like BIND, or Sendmail.
There is little value in going to BIND 8 or 9 if it has not been audited by the OBSD team first. BIND 4 is well understood and the faults, warts and bugs are well-known. BIND 8 is still new enough that it is considered an unknown.
This is one of the downsides (if you consider it a downsid) of trying to be "secure by design".
Of course, OBSD is free, as in beer and as in speech. This means you can run a parallel box with BIND 8 or 9 (or whatever) yourelf until you deem it safe. The responsibility is now yours to maintain security on that chunk of the OS, but everything is a trade-off, especially in host security.
BIND 8/9 will eventually make it into a future release. 99% of us do not need it, however, and so having a well-known and secure BIND 4 implementation has more value for the rest of us.
Re:security (Score:2)
Amen to that. Between that and choosing postfix instead of sendmail, my new mantra is "simplifiy, simplify, simplify".
I don't think so.... (Score:5, Funny)
Hear that sound? It's the VMS users (all 8 of them, currently, unless Fred's VAX killed his mains power again and he switched to OSX) choking on their lunches in laughter.
Re:I don't think so.... (Score:2)
I thought "security by obscurity" didn't count ;)
Re:I don't think so.... (Score:2)
Re:I don't think so.... (Score:4, Funny)
Re:I don't think so.... (Score:4, Funny)
It's well known that MSDOS is the world's most secure operating system.
No network access and so completely secure from remote break in, and if anyone breaks in from the console there is bugger all they can break and no one cases what they do anyway.
Security by obsolescence.
Re:I DO think so.... (Score:3, Interesting)
OpenBSD is what you make of it... If you set everything SUID it's certainly not going to be very secure, but you can secure an OpenBSD system extremely well if you want to do so.
Stick that in your VMS pipe and smoke it!
*ahem*, not quite (Score:2, Redundant)
Let's rephrase that as, "It is well known as the world's most secure UNIX operating system." Otherwise it's not true.
OpenBSD 3.2 release (Score:2)
Re:OpenBSD 3.2 release (Score:2)
Not to troll (well, not much anyway) but interesting to see this here when Linus was adamant about not getting this into Linux, the whole false sense of security thing. Has this changed in Linux? I've heard of stack smashes, never a head attack. I wonder how common these are.
Good to see (Score:2)
Now only if they could speed up the network and disk I/O to the levels of FreeBSD. Oh, and SMP would be great, too, but according to the OpenBSD developers, that's not a hot project of theirs.
So until then, I still keep a watchful eye, and a PC in the closet where it belongs with the latest version installed as a toy to play around with.
What are you waiting for? (Score:3, Informative)
SMP Support.
New songs too... (Score:2, Insightful)
ftp://ftp.openbsd.org/pub/OpenBSD/songs/ [openbsd.org]
ftp://ftp.usa.openbsd.org/pub/OpenBSD/songs/ [openbsd.org]
(other mirrors have not caught up yet)
The lyrics are available from:
http://www.openbsd.org/lyrics.html#32 [openbsd.org]
And there's a new song, too (Score:3, Informative)
This time it's a Bond-movie theme, which matches the new logo [openbsd.org].
-jfedor
Official 3.2 CD and Poster available too (Score:3, Informative)
Support the OpenBSD developers by getting a
3.2 CD $40 [openbsd.org] or for Europe EUR 45 [openbsd.org]
The new new 3.2 poster [openbsd.org] is very nice too, get it for [openbsd.org]
$10 US or EUR 14 in Europe [openbsd.org] The European size is 70x100 cm
Still won't boot above 8 Gig (Score:2)
Re:Still won't boot above 8 Gig (Score:5, Informative)
Well, this is a hardship only because you want to dual-boot, I'm guessing. Otherwise, you just partition and mount so that / is on the first 8Gb slice.
There are third-party boot managers that do magic to allow booting to happen from almost anywhere, for almost any OS. I don't know if it works with OBSD or not.
I've only run OBSD stand-alone on headless edge boxes, so I've never worried my pretty little head about the 8Gb limit. I'm assuming most folks who pay for the CDs every 6 months or so feel the same way. Well, that and the stickers. The stickers rule.
Re:Still won't boot above 8 Gig (Score:2)
No, OpenBSD is unique. You have to plan for OpenBSD before you ever install a multiboot machine. The only way to get it to work is to put a small boot partitiion near the beginning of the disk. Unfortunately, thats not how most people end up installing OS's. First Windows, then Linux or something, then another OS, sequentially installed over time. I'd like to try OpenBSD, but I've put so much time into getting my -stable and -current FreeBSD partitions right, that I just can't redo the whole computer.
Re:Still won't boot above 8 Gig - Clueless AC (Score:2)
I hate it when I get all testy. I get modded down.
Re:Still won't boot above 8 Gig- IDIOt (Score:3, Insightful)
OpenBSD is a SERVER operating system. 99.99999% of the people using OpenBSD use OpenBSD as a SERVER
Rubbish.
The OpenBSD ports tree [openbsd.org], while not as brimming with goodies as FreeBSDs, has loads of software for use on the desktop.
My desktop *NIX boxes at home and work are both OpenBSD with lots of decent software installed via ports. I hardly think that developers would bother making a port of only
New PF syntax info (Score:2)
The complete 3.2 errata has numerous mentions of improvements, including antispoof and better handling of inappropriate/nonsensical statements. A more thorough explanation is what I'm hoping to find.
Thanks!
sedawkgrep
Re:New PF syntax info (Score:3, Informative)
pf.conf(5) [openbsd.org]
pfctl(8) [openbsd.org]
pf(4) [openbsd.org]
yes, we need SMP (Score:5, Insightful)
What's great about Open over Free (and most Linux distros) is simply that one can go from zero to installed, up and running in no time flat. The need to secure the OS is minimal (though as another said, why portmap and why inetd?), which also greatly reduces time to production. And no worries about all of those "extra" packages that one doesn't want installed that get installed whether you like it or not, and then having to find a way to yank them out.
That said, yes, I pre-ordered my CDs.
Jud.
Re:yes, we need SMP (Score:5, Informative)
1) It makes security that much harder. Think
2) 99% of the software on openBSD is fork/exec anyway. You might as well use assymmetric multi-processing, or, better yet, buy 3 uni-proc boxes for the price of a dual proc box, and partition your load accordingly.
OpenBSD based floppy firewall? (Score:3, Interesting)
Re:OpenBSD based floppy firewall? (Score:3, Informative)
not quite OpenBSD, but it's a BSD that fits on a coupla floppys.
Re:OpenBSD based floppy firewall? (Score:3, Informative)
The real Release notes: (Score:5, Informative)
Please go to http://deadly.org where they did make it through.
Please provide .iso's (Score:3, Interesting)
What do others think?
Re:Please provide .iso's (Score:2)
In my experience, if you provide an ISO, nobody buys a CD, and they just burn the ISO. With OBSD, at least one person buys a CD, and all his/her friends copy that.
This helps OBSD make exactly one sale, instead of none.
Seriously, I don't know. There isn't much incentive to buy OpenBSD CD sets (or any free OS, for that matter) in the first place. Giving the CDs away is just not going to help that, if you ask me.
Then again, I've bought few CD sets myself; I usually just get a few t-shirts and install via FTP and/or create my own ISO.
Re:Please provide .iso's (Score:2)
OpenBSD has a CLI, but clean install routine. If you read the install directions, anyone can successfully install it via ftp, with only 50-200megs of net traffic.
Finally, they put in a ton of effort to have great man pages. Thus, the support base expects you to read before asking questions. Therefore, if you aren't willing to read the install guide to do a ftp based install, you aren't going to have much luck with the OS and its support community.
ostiguy
if you have the bandwidth for isos you have it for (Score:4, Insightful)
just because there are no "Official" iso's does not mean that they are not available from "Unofficial" sources just look around but you really should support hte project if you can
(the t-shirts/posters/stickers are all cool and the later can only be found w/ the official cdrom distribution)
my personal server (which is used primarily for NAT and personal ftp) has been running OpenBSD for years and it's certainly hte most elegant and simply designed UNIX based system that I've ever used and is far more intuitive and secure than Linux (which i have also dealt with since '95 and presently have a debian desktop machine running under my desk so no flames please) by default.. anyway my $.02
here is a link to the floppy internet based install instructions: http://www.openbsd.org/faq/faq4.html#Media
Re:Please provide .iso's (Score:2)
Seriously, making your own OpenBSD CD is not that hard; you just download the files, the boot floppy images, then boot with that floppy, check the path in which it looks for the installation files, and then make a CD with files in that path and using the boot floppy image as your El Torito boot image. I've been doing it since 2.9 and it works like a charm. I put all the files on CD anyway, to save HD space on our server, and making it so that the CD was bootable and could be installed from was obvious and simple.
Same horrible fdisk and disklable process? (Score:2)
Re:Same horrible fdisk and disklable process? (Score:2, Insightful)
Re:Same horrible fdisk and disklable process? (Score:3, Interesting)
Re:Same horrible fdisk and disklable process? (Score:3, Insightful)
Yes, the disk partitioning is the least intuitive part of the install, but it only took a complete newbie like myself a few times (3, maybe 4) to feel comfortable with it so I think you might have missed something in the documentation. I was using "Building Linux and OpenBSD Firewalls" at the time as well, but it's all there on the screen for you.
psxndc
Signed files? MD5s? (Score:4, Interesting)
That said, how can I trust that my copy of the "world's most secure operating system" hasn't been tampered with? OpenBSD does not sign their files with PGP, GnuPG, or OpenSSL (yes, the latter has been suggested on lists). OpenSSH does. Why can't OpenBSD?
The ports tree, the kernel source, and the rest of the base source (ports.tar.gz, srcsys.tar.gz, and src.tar.gz) don't even have published MD5 hashes (but the archetecture-specific binaries do). The source matters, because (aside from using potentially unstable snapshots binaries) you need the source to apply security patches as security issues are discovered.
For an OS with such a focus on cryptography "because we can", I don't see it being used where it counts. (I've written to the misc list, and only received one response. I've filed a bug report and have received none.)
Re:Well, I'm waiting for a downloadable iso (Score:5, Informative)
IF oyu want it bootable, that's also fairly easy to pull off as well. Just have it boot to the floppy image.
Otherwise, buy a CD.. we need the money.
Re:Well, I'm waiting for a downloadable iso (Score:2)
Re:Well, I'm waiting for a downloadable iso (Score:2)
Re:Well, I'm waiting for a downloadable iso (Score:2)
The other reason i purchase a cd rather than download a iso made by someone is it seems to me to be rather a wierd thing to do. Go for a secure distro, then download a iso from someone you have never met, dont know how they are connected with teh team and therefor can be adding god knows what to the install. So peeps, either do a net install, or buy the cds. Please
Re:Well, I'm waiting for a downloadable iso (Score:3, Insightful)
Re:OpenBSD questions (Score:3, Informative)
Re:*BSD (Score:5, Informative)
Depends who you talk to ;)
A good place to start is here [openbsd.org], to find out what the intentions of the OBSD project are. Then check out the OpenBSD Journal [deadly.org] to see what people do with it.
My two cents: OBSD really shines as a secure inet server. Things like httpd, sshd, firewalling, bridging, routing. People do use it as a desktop, but IMHO it is not as desktop-friendly as FreeBSD. *shrug* I run it basically headless, as does everyone I know.
Then again, a cutting-edge desktop system is not a primary concern of the OBSD project.
Re:*BSD (Score:4, Informative)
Java 1.3 is not "production" ready on any BSD, AFAIK. I've looked into this quite a bit, and even ported an app to FreeBSD.
They have recently been blessed by Sun to provide a native version of the JDK (the previous versions ran in linux_compat mode), but it is not considered production-ready by the developers.
Our customer threw caution to the wind, and has been running our app for a year or so now on FreeBSD. So far, so good. We _did_ QA it. Sheesh.
OpenBSD Java support is still (again, AFAIK)) a tweakers domain. If you need official J2EE, go with Linux (or one of those "others").
Re:Threading issues resolved? (Score:2)
How long was that ago? I have never noticed any behaviour like that on the FreeBSD servers I put up. Oh, and one FreeBSD server I had set up once had around 50,000 simultaneous connections going to it, and it didn't flinch.
If it still has problems of the nature you describe, instead of fretting about it, you could send a PR, so the developers can fix it.
Re:Threading issues resolved? (Score:2)
Re:what happened? (Score:4, Insightful)
The OpenBSD folks do make OpenSSH but not OpenSSL.
Re:what happened? (Score:2)
Re:what happened? (Score:2)
Every 6 months, right on schedual. There was a release last May, one last December, the June before that, December before that, etc, etc, etc.
Re:what happened? (Score:4, Insightful)
The OpenSSH hole was to be expected, and was long past due. No software is perfect, this just proves it. Face the facs, it'll happening sooner or later.
I don't see what you mean what gee-whiz hardware. Hardware support is still pretty far down on the list, and even my new system is about 80%% supported at best. Security is still the critical issues, but the development teams is humans, and humans miss things.
Flashy features? Again the same thing. The reason I use OpenBSD is because it isn't so darn flashy. That and it just runs.
Path to shame? I think the 3.0 series has been the best yet, and the most innovative. I think it will continue to be too.
Re:what happened? (Score:2)
Really? I thought the OpenBSD team built OpenSSL for use with OpenBSD and OpenSSH. Or do you mean that the OpenSSL team writes OpenSSL and Theo & Co. build it?
"3rd party auditing of the source (which is what OpenBSD does for stuff it doesn't directly develop) won't find everything."
I thought the whole point that is touted with the code audits is that they don't let any bugs in. And to further develop on this statement, you're suggesting that having source code doesn't help any with finding bugs? I didn't know that Ballmer was right all this time.
"Face the facs, it'll happening sooner or later."
Latin factum, from neuter of factus, past participle of facere. A fact is something that has happened, not something that will or may happen. Anything that will or may happen coincides with assumptions and probabilities.
"I think the 3.0 series has been the best yet, and the most innovative. I think it will continue to be too."
Are you for real? Are you telling me hat software becomes better and/or more functional with time?
Re:what happened? (Score:4, Insightful)
This puzzled me. I've been running an OBSD router since 2.6 (and we've been running it at work since 2.8). The releases have been coming out pretty much every 6 months, haven't they?
I upgrade about once a year, so I often skip releases, but I think they've only missed the release dates a few times, and only by a week or so.
Bugs will be found, which (of course) is the point of the OBSD project. I just don't see any shame in that. Lot's of organizations get compromised. The real test is how the organization reacts and recovers.
*shrug* From my POV, the releases have been getting better and better. I can't imagine running anything else as an edge box.
Of course, I may be wrong. Even openbsd.org runs Solaris!
Re:what happened? (Score:2)
Re:Minimum hardware requirements? (Score:2, Informative)
You'll need at least 32MB if you will install OpenBSD. Could be 16MB, but you'll have to turn swap on during install, as the Installation Guide will tell you.
Just be careful to read it, and you'll be running OpenBSD in less than 20 minutes.
Re:Too bad (Score:2)
??????
What in the name of all that is holy are you running to make OpenBSD run "slowly" on a Sparc (even an old Sparc2 or even IPC) with 320MB? Although I prefer NetBSD over OpenBSD, they tend to both be *very* fast and lean.
Can you fill us in... I am very curious.
Re:Say wha? (Score:2)
If you're in the SE US you might have had a bit if difficulty getting through. Then again... they did just move.
Re:Waiting for.. (Score:2)
Yes i realize you can isntall over the wire and then create an image, but not when you are on a slow link.
Re:Waiting for.. (Score:2)
Well for one thing, the packet filter has a feature that turns away Code Red(and similar malformed data/buffer overflow attacks) before they can harm your precious Windows machine.
In all likelyhood, an OpenBSD firewall will protect Windows machines from vulnerabilites that have yet to be exploited.
Re:SMP support (Score:2, Funny)