OpenBSD 4.7 Preorders Are Up 191
badger.foo writes "The OpenBSD 4.7 pre-orders are up. That means the release is done, sent off to CD production, and snapshots will turn -current again. Order now and you more likely than not will have your CD set, T-shirt or other cool stuff before the official release date. You get the chance to support the most important free software project on the planet, and get your hands on some cool playables and wearables early. The release page is still being filled in, but the changelog has detailed information about the goodies in this release."
Re:Subjective summary is subjective (Score:5, Informative)
Re:Is ugrading OpenBSD still kind of a mess? (Score:5, Informative)
To follow up on my own post, they have a draft upgrade guide up it looks like (they recommend that it not be used yet though):
http://www.openbsd.org/faq/upgrade47.html [openbsd.org]
Looks like they include a utility to make life easier when upgrading... looks similar to what Gentoo Linux does when config files are upgraded... new configs are diff'd, and can be interactively merged, etc:
"OpenBSD now includes the sysmerge(8) utility, which helps administrators update configuration files after upgrading their system. Sysmerge(8) compares the current files on your system with the files that would have been installed with a new install, and gives you the option of keeping the old file, installing the new file, or assisting you in the manual merging of the old and new files, using sdiff. For past upgrades, we've presented a list of files that are usually copied over "as-is", and a list of files which should be changed, and a patch file that applies those changes to what might be in those files on your system. You may opt to use sysmerge to make the changes, or you may wish to use the patch file first, and then follow up with a sysmerge session to clean up any loose ends."
So it looks like they're at least making an effort to make it less painful
Re:Is ugrading OpenBSD still kind of a mess? (Score:3, Informative)
For example look at the debian lenny [debian.org] upgrade notes. They are way longer but generally debian based distros are considered some of the best for upgrades.
Re:Is ugrading OpenBSD still kind of a mess? (Score:5, Informative)
The funny thing (to me) is that the upgrade process looks a lot harder than it actually turns out to be. On our servers, it usually amounts to running the installer, running patch to update files in /etc, running a single command to upgrade all the installed 3rd-party software, and rebooting a last time to make sure it comes back up cleanly.
In practice, the things that OpenBSD doesn't automatically upgrade with the above steps are the kinds of things you wouldn't want a script to attempt, such as upgrading the firewall configuration to use new features. The process certainly isn't slick or pretty, but it does the job well and safely.
Re:It is the most important open source project. (Score:0, Informative)
What exactly is wrong with Windows Server security?
Only a fool who has never used OpenBSD would ask such a question.
Re:It is the most important open source project. (Score:0, Informative)
do you know what you're talking about? I'll take a gander and tell you: you're a fucking idiot.
the ability to have an admin in windows without a password is the reason for the security risk *by itself*. It's bad enough that malware and the likes can escalate their own privileges, but now they don't even have to guess the admin password to do so?
In case you're wondering you can do the same things in windows as admin as you can in linux, generally speaking. This means: screw the computer in an instant, rootkit it, etc.
is a misnomer. You could (and very likely do) have one, and have no idea, specifically because you have an admin account with no password.
Re:It is the most important open source project. (Score:1, Informative)
If you want one thing, how about this one: Long time between disclosures and fixes.
SSL renegotiation is still vulnerable in all Windows versions, something OpenBSD fixed in November last year.
Re:Is ugrading OpenBSD still kind of a mess? (Score:4, Informative)
You can just do the OpenBSD upgrade without reading those instructions... as you did with RHEL.
If you'd actually started to read those instructions, you'd have seen they outline basically all feature changes between the previous and current release. See:
Did the yum upgrade automatically make all necessary syntax changes in all corner cases in your config files to adapt them for the newest versions of the software? Obviously not... You're left to figure those out yourself. If the new version of iptables uses different options for some obscure option, you're screwed. Oh well, guess you should have read the RHEL 5.4 errata, which happens to be SEVERAL THOUSAND LINES http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/Release_Notes/index.html [redhat.com]
Re:Most important free software project? (Score:4, Informative)
OpenSSH was a huge improvement in the security of networks the world over, but it's not at all the only thing OpenBSD has contributed to the world.
Certainly, OpenBSD's development of W^X security led to Microsoft doing the same, and Intel/AMD including instructions to make this easier...
OpenBSD's focus on code correctness and licensing has caused them to lead, and have Linux and other BSDs follow... They announced their dropping of Xfree86 in favor of Xorg before anyone else, and very soon after Xfree86 was no longer found on any OSes. Their objections over the performance, code complexity, and licensing of GCC4 led to them pushing alternative compilers forward, and other projects (like FreeBSD) followed suit, pushing hard to move their favored alternative compilers forward.
There's many more, but you'll have to wait for someone else to come up with a list...
Re:Subjective summary is subjective (Score:4, Informative)
Re:Subjective summary is subjective (Score:4, Informative)
i've had this arguement with openbsd people before. what it comes down to is openbsd is their toy and they like constantly updating rather then doing mundaine shit like patching old versions.
all well and good, it's their project they can do as they please, but don't pretend that it's a superior server OS, because it simply doesn't cut it if you don't have patch support after just 12 months. there's plenty of secure systems with more features and longer EOL's that make openbsd more trouble then it's worth.
Re:It is the most important open source project. (Score:4, Informative)
http://www.securityfocus.com/infocus/1765 [securityfocus.com]
This was all fixed seven years ago. IIS 6 and later have a pretty decent security record.
Re:Most important free software project? (Score:4, Informative)
Please stop repeating nonsense.
Darwin is a member of the BSD family. The XNU kernel originally was a single server Mach microkenel running a 4BSD kernel. The Mach components are now reduced and most of the kernel code is either from FreeBSD or from Apple, but it's as much of a BSD descendent as OpenBSD. The Mach part of the kernel manages threads and memory, nothing else. The UNIX process model, all UNIX system calls, SysV and POSIX IPC, the networking stack, and so on all run in the BSD server. On OS X, unlike some earlier Mach systems, the BSD server lives in the kernel's address space and accounts for most of the ring-0 code that an OS X system is running.
On top of the XNU kernel, Darwin has a userland that gets a lot from FreeBSD, but some things from other sources. The init system is Launchd, which is a home-grown Apple system (now open sourced). The libc is from FreeBSD, but quite modified. The libstdc++, standard shell, and a couple of other things are from the GNU project.
OS X is Darwin with a lot of proprietary stuff on top (the audio stack and windowing system, for example).