OpenBSD 4.1 Released 218
adstro writes to quote from the BSD mailing list: "We are pleased to announce the official release of OpenBSD 4.1. This is our 21st release on CD-ROM (and 22nd via FTP). We remain proud of OpenBSD's record of ten years with only two remote holes in the default install. As in our previous releases, 4.1 provides significant improvements, including new features, in nearly all areas of the system."
Just curious... (Score:5, Interesting)
For those of you using OpenBSD, how many of you are in a similar situation?
Downloads (Score:4, Interesting)
(Yes, that was annoyed sarcasm). I'd rather donate to the project and download an image than get one shipped, I can't believe OpenBSD is still refusing to provide Official ISOs.
OpenBSD 4.1 Release Song (Score:5, Interesting)
http://www.openbsd.org/lyrics.html [openbsd.org]
ftp://ftp.openbsd.org/pub/OpenBSD/songs/song41.mp
Re:Downloads (Score:2, Interesting)
Re:Just curious... (Score:1, Interesting)
generally, I just keep a copy of all the files I change in
and simply back this up prior to the uprade,
reinstall 'new' (not upgrade), make sure my ethernet if's didn't change somehow,
and just diff & cp until I'm up to date.
usually takes about 1-2 hours each release, since I've really only touched
pf.conf, rc.conf, hostname.if, and a few others.
for the guy with the 16MB: just rebuild the kernel with less drivers, etc..
might take 6 hours, but hey, it will still compile, right?
Re:Yea, but... (Score:5, Interesting)
Re:Just curious... (Score:2, Interesting)
The example I used was that the version of sendmail they had been distributing had a vulnerability that could be exploited to allow someone to allow the execution of arbitrary code with elevated privileges. The response I got was that, because they pre-configure sendmail to only accept connections from the local host, it's not a remote vulnerability -- it's a local one, and thus doesn't count.
I'm sorry, but if all I have to do to "default install" to have a remotely exploitable vulnerability is reconfigure a service that is installed and running in the default install to accept connections from remote computers, I think the claim is disingenuous.
I'm not saying that I have a problem with OpenBSD -- I use it on my firewall boxen and love it. I just have issues with some of their advertising.
Re:Just curious... (Score:3, Interesting)
OpenBSD is great because maintenance is much easier. I don't have to worry, for example, about a broken libc after an 'emerge world' like I do on my linux boxen at home. That's an extremely painful lesson to learn.
BTW, if you love the OS as much as you say you do, shell out the 50 clams to buy a CD set. If donating doesn't give you that warm, fuzzy feeling, at least the cool stickers will. The latest set comes with a wireframe Puffy. Awesome.
Re:Just curious... (Score:4, Interesting)
True, but you should also read about PrivSep [umich.edu], W^X, security levels [openbsd.org], systrace [openbsd.org] and other important security mechanisms that mitigates those risks (while not entirely eliminating them). All of these (and more) make a well-configured OpenBSD machine a very tough nut to crack. So to speak.
To me, the best thing about OpenBSD is not that it is perfectly secure (that can't be achieved) but that security is taken seriously and all this mechanisms are activated by default. The excellent documentation, especially manual pages vs the GNU unreadable info pages mess, and reactive developper community are also big pluses in my book.
Re:Downloads (Score:3, Interesting)
BSD is dead. As long as they have the antique command line tools.
Well Linux, and every other Unix like OS including Mac OS X, are dead then as they also include "antique" command line tools. In fact Windows must be dead as well, as it includes command line tools, albeit piss-poor ones.
Think whatever you want, but I cannot live w/o GNU command line. bash alone isn't sufficient - text-tools, file-tools are also important.
Last time I checked, the ksh that comes with the BSDs can do everything bash can. The BSDs include all the command line tools that the GNU file and text tool packages have, after all they're clones of the Unix ones found in BSD, plus with the BSDs the manpages are actually complete and usually include examples. With the GNU tools you are often faced with an incomplete or out of date manpage that refers you to some difficult to navigate or search "info" pages.
e.g. BSD's moronic find requires directory name - while GNU one picks current directory by default. All GNU tools support --help and --version - try to find common help displaying option in BSD variants. Not that BSD tools helps output is any useful anyway.
Wow, GNU find extends POSIX with one extra feature that I've never used in over a decade of using it. As for --help, that's what manpages are for (sorry, I forgot that your GNU manpages are incomplete), and --version, how often do you need to know what version of find you're using?!?
Also BSD's ps suck big time.
Hmm, last I checked the output of both ps on Linux and NetBSD looked remarkably similar. Note that what you probably consider "GNU ps" is actually "Linux ps", as the implementation of such a command tends to be very closely tied to the kernel it's running on.
The stupid insistence on using 'more' instead of 'less' isn't helping either.
Oh dear, never heard of the PAGER command line variable? I guess your particular brand of Linux just happens to default it to /bin/less. Funnily enough, so does /etc/skel/.profile on my BSD machines.
Also, it might surprise you, 'vi' is no more. Everybody had forgotten what it is - for good - and are using 'vim' instead. But the fact remain: BSD has no sane decent text editor preinstalled. Because POSIX 'vi' cannot be called 'sane' nor 'decent'.
nvi, the default vi on BSDs has more features than the minimum required POSIX - see the Solaris implentation for something approaching that minimalism! Personally I find vim to be a mess, and have had it crash on me a number of times. However, the approach taken with the BSDs is that a minimum is included in the base install and ports or packages can be added to create the "perfect" environment. That said, OpenBSD includes a minimal emacs workalike in the base install which may be more to your taste.
Constructive note. BSD should align themselves with Debian or Gentoo.
God no. Gentoo is grinding to a halt as it's an unstable mess, while Debian reflects the whole GNU mentality of replacing things with new, no less buggy implementations every so often, with no interface consistency and way too many esoteric features. Having fought with aptitude and had it crash far too many times, I'm more than happy with the BSD ports systems instead.