OpenBSD 5.3 Released

An anonymous reader writes "Today, OpenBSD 5.3 has been released. It has many improvements, updates, and new stuff. Also, OpenSMTPD 5.3 is included. This is the first version of OpenSMTPD considered to be ready for production. Many pre-built packages are available for many architectures. OpenBSD 5.3 ships with various Desktop Environments, including Gnome 3.6, KDE 3.5, and XFCE 4.10." And don't forget the release song, "Blade Swimmer."

BSD, ftw!

[Leafwiz]

:)

BSD Released?

[Jeremiah Cornelius]

Is it still required to visit a probation officer, and give notice on any change of residence?

Re:Let us rejoice!

[cold fjord]

But seriously, it looks like a great set of improvements. It is also great to have a new stable choice for mail transfer.

Subject: Announce: OpenSMTPD 5.3.1 released [opensmtpd.org]

OpenSMTPD 5.3.1 has just been released and the archives are available at
our main site: www.OpenSMTPD.org

OpenSMTPD is a FREE implementation of the SMTP protocol with some common
extensions. It allows ordinary machines to exchange e-mails with systems
speaking the SMTP protocol. It implements a fairly large part of RFC5321
and can already cover a large range of use-cases.

It runs on OpenBSD, NetBSD, FreeBSD, DragonFlyBSD, MacOSX and Linux.

OpenSMTPD presentation is here [opensmtpd.org].

Re:

[lorenlal]

Too bad NetCraft says it's dying :D

Re:

[cold fjord]

I hear NetCraft has been wrong before. ;)

OpenBSD is very cool

[Anonymous Coward]

OpenBSD is very cool. It's amazing what Theo and team have done over the years, and sadly, they don't get the cred they so richly deserve: OpenSSH, OpenBGP, pf, etc., and an awesome operating system that just works out of the box.

I'm very surprised more has not been done with OpenBSD. If I ran a company of any kind, it would be OpenBSD on the servers and Linux on the desktop. I would trust nothing else on my servers. I've worked with OpenBSD professionally and it's a joy to use an easy, well-documented system.

Kudos to you, Theo!

Re:

[Anonymous Coward]

Don't forget CARP! [openbsd.org]

Re:

[ThePhilips]

And another little gem - OpenNTPD [openntpd.org]. Used on several embedded systems. Works like a charm, unlike the whimsical ntpd, which often simply refuses to do its job.

PCC

[unixisc]

How is PCC coming along? Has the project made much headway in making its break from GCC?

Re:

[unixisc]

There's been a fork of OBSD called Bitrig partly due to LLVM/Clang not being a part of it. So I doubt that LLVM/Clang is in their plans the way it is for FBSD. But I would be interested in knowing if it were.

Re:

[unixisc]

I'm very surprised more has not been done with OpenBSD. If I ran a company of any kind, it would be OpenBSD on the servers and Linux on the desktop. I would trust nothing else on my servers. I've worked with OpenBSD professionally and it's a joy to use an easy, well-documented system.

Why Linux on your desktop if you have OBSD on your servers? You could just as easily go w/ PC-BSD on your desktop/laptops, which would give you a complete BSD environment to work in. But yeah, I'd like to see OBSD be the basis of a firewall/routing OS like pFsense, but w/ IPv6 rather than IPv4 being the focus of expertize.

Re:

[Anonymous Coward]

You're right! Their code quality is over-hyped. OpenBSD code isn't appreciably better than experienced Linux and GNU developers, although they do favor portability more than most.

What sets OpenBSD apart is a reluctance to write a shit ton of new code, and to inflict it on the world. Great developers write buggy code on occasion; developers with an eye to security and reliability choose to write less code.

Just about _any_ Linux box could be easily rooted from the shell because there's so much code churn in t

Re:

[Anonymous Coward]

There is some truth to what you say. However, as an experienced IT security guy, one thing that makes OpenBSD "better" than Linux out of the box is its simplicity. Complexity is the enemy of security. And, more importantly, you did allude to the fact that security is a process, not a product. If I get root on anything, I own the box. Secret is to not allow this remotely. Use SSH keys, not SSH passwords for access. Use Radius, Kerberos, and others as a defense-in-depth measure, not just SSH. SSH alone might

Re:

[the_B0fh]

hahahahahaha. You actually believe all major development projects go through reviews and re-reviews? Hahahhahaha

Re:

[101percent]

OpenBSD as a complete OS includes highly modified and integrated services including DNS, Web, SSH, SMTP, NTPD; activating these components is trivial and there are no special compromises or unique approaches to doing so. OpenBSD is simple like any UNIX should be, and that simplicity means running services is quite easy and these services are secure by default. Lots of other OS may not include these patched, and in many cases, original services. If you think it's all about a service-less default install b

Re:

[armanox]

Hey - I really liked KDE 3.5. Although I'm surprised to see GNOME 3.6 in there.

Re:

[unixisc]

If they want to use KDE 3.5, they're better off adapting Trinity

Re:

[laffer1]

I don't know about OpenBSD, but I can say that it's been much easier to port KDE 3 than KDE 4.x on MidnightBSD. QT4 isn't bad, but a few of the KDE bits are a real hassle. They may have to port a lot of support code first to get it running. I don't think people realize the amount of work it takes to port KDE and GNOME. They are huge.

Re:

[unixisc]

Maybe 2007 really will be the year of the Linux desktop!

This struck me as well. If they can be current w/ GNOME 3.6, why can't they have KDE 4.9, for example?

MP Performance?

[inglorion_on_the_net]

Glad to see OpenBSD is continuing to push for better security.

Has anybody been keeping tabs on performance, particularly on multicore systems? I'm curious what gains have been made there over recent years. I know that Linux and NetBSD have improved a lot, but what about OpenBSD?

my favorites

[anarcat]

My favorite improvements:

* OpenSMTPd - can't have too many solid mail servers out there
* OpenSSH 6.2 - new crypto algorithms and other goodies
* pf improvements - sloppy state tracking for ICMP
* relayd and OpenBGPd improvements

now the question is: how long until those trickle down to sister projects like FreeBSD or Debian/kFreeBSD?

Re:

[Onymous Coward]

pfSense is a distribution whose whole purpose is simplifying the administration of pf? With another major goal of reliability? What would you expect, then?

Re:

[Gothmolly]

Some of this suffers from Good Enough syndrome. Do you really need 5 different mail servers? Is the crypto algorithm underneath SSH the problem with people using SSH?

Great stuff, and I'm sure its technically slick, but its (potentially) a lot of work to migrate this stuff to another platform, so why do it when there are reasonable alternatives?

Re:

[Onymous Coward]

I should point out that SMTP transport is by nature complicated.

And that's only item #4 out of their goals [opensmtpd.org]. Everything else is pretty much covered.

And what the hell are people doing using Sendmail? Use Postfix or qmail.

Re:

[Lennie]

They want to replace sendmail in the OpenBSD base install. Complexity of configuration and probably code for auditing is probably the reason.

Thus I think the biggest reason that OpenSMTPd exists is because Postfix doesn't have licence that is compatible with inclusion in the OpenBSD-base install.

Probably OpenSMTPd will be awesome and having more choice might be useful too.

Mail recall capabilities

[unixisc]

I have one question about these alternate e-mail servers. Do any of them come w/ the ability to recall mail? As one might know, in an MS Exchange/Outlook environment, if one has sent an e-mail on Outlook and regrets it after the fact for any reason, be it a typo or whatever, one can try to recall it. If the message has not been opened at the other end, Exchange allows the message to be recalled. Such a feature is sometimes a lifesaver, but I doubt that Sendmail has it. Does anyone know whether any of t

Re:

[dodobh]

No. They default to the assumption that they may append to mailboxes or send mail to the world, but never delete from it. Deletion is a function of the POP/IMAP server.

Re:

[the_B0fh]

Do you understand what SMTP is? Do you understand that Exchange is *NON-SMTP*? Do you understand that these alternate email servers are *SMTP* email servers?

Re:

[Lennie]

pf improvements ? The last import of pf in OpenBSD was years ago.

OpenBGPd has a really, really old port and depends on certain kernel interfaces currently only available on OpenBSD (although they could be ported to FreeBSD).

It will take a long time, I'm afraid. :-(

Re:

[the_B0fh]

Uh... You *do* realize that pf is OpenBSD native code? That they are constantly hacking on? They wrote it from ground up, why would they be importing *anything*?

Are you perhaps thinking about Darren Reed's ipf which they cut out years ago, due to Darren's stupid licensing (free and net bsd can change and patch ipf code, but OpenBSD is banned from patching it, nyah nyah).

Production-ready at version 5.3?

[reSonans]

I know software versioning schemes aren't exactly consistent, but isn't 1.0 a tacit milestone for production-ready?

Re:

[cold fjord]

It all depends on the versioning scheme.

Re:

[WD]

OpenSMTPD was first introduced for testing with OpenBSD 4.6. OpenSMTPD version 5.3 was released with OpenBSD 5.3. Seems reasonable to me.

Re:

[olsmeister]

Yes, but the version numbers are actually logarithmic. Thus, version 1.0 is actually released as version 0 and by the time version 5.3 is released, well, you do the math ... it's completely stable.

v1.0 not production ready ...

[perpenso]

I know software versioning schemes aren't exactly consistent, but isn't 1.0 a tacit milestone for production-ready?

Many of us do not consider v1.0 to be production ready, more often really a public beta. :-)

Re:v1.0 not production ready ...

[X0563511]

OpenBSD is not Ubuntu. Changes are not made because they feel like it.

and they said GNU was communist

[Trepidity]

Released on May Day, eh? I see what you're up to, OpenBSD. That's a pretty red logo, too.

Re:

[Anonymous Coward]

That is actually not the logo of OpenBSD but FreeBSD. I don't know why that logo is put there. The OpenBSD logo is more like this [openbsd.org].

Re:

[cold fjord]

Sort of like the flag where Theo lives. [wikimedia.org]

The project is coordinated from de Raadt's home in Calgary, Alberta, Canada. [wikipedia.org]

Re:

[Anonymous Coward]

Motherfucker.. will they never relent? Giving us a solid, trustworthy, secure operating system? Getting their DARPA funding cut? Having a record number of moose per square mile?

To hell with Soviet Canuckistan! Bastards.

Pardon me... I'm just going to load up Windows 8 and install Banzai Buddy.

The earplugs, they do nothing!

[RDW]

And don't forget the release song, "Blade Swimmer."

You know that Voight-Kampf test of yours? Did you ever take that test yourself? Theo?

Re:

[flayzernax]

Hahahaha, this was great, I didn't know BSD did these little diddies =)

Re:

[Anonymous Coward]

undeadly.org

Re:

[buttfuckinpimpnugget]

The mailing lists. misc@ tech@ for starters. Go to openbsd.org and sign up, or browse them on http://marc.info/ [marc.info]

Re:

[cold fjord]

You can find links to OpenBSD mail archives at the bottom of this page [openbsd.org].

Re:

[BitZtream]

OpenBSD is not for noobies or the lazy.

If you have to ask, OpenBSD is not for you. That is by design, the project lead wants it that way. If you can't use Google to answer the questions you have asked, then OpenBSD is not for you. Let me take it one step further than that, if you DIDN'T GOOGLE IT FIRST, then OpenBSD is not for you in any way.

It is not intended for people who expect ANY hand holding as you WILL NOT GET ANY.

Re:

[eudaemon]

OpenBSD is PVP unix. External attackers or your fellow players can kill you any time. As long as you understand that, it's fine.

Re:

[eudaemon]

This is why I call OpenBSD PVP UNIX. If you failed to armor up, you will be flamed to death by fellow players. :-)

Re:

[Onymous Coward]

I can appreciate trying to raise the floor with a dress code or basic code of conduct, but a culture of contempt is actually counterproductive. It results in a "blame culture", which is inherently less secure. And both these negative qualities reduce the viability of the community and stunt its growth and progress. There are other ways to raise the floor.

Re:

[Onymous Coward]

I don't think it's hard to find examples of Theo being contemptuous outside of handling an indolent noob.

Since both emacs and gcc contain code inside them which permit them to
compile and run on commercial operating systems which are non-free,
you are a slimy hypocrite.

Stallman isn't a noob. He has a different perspective from Theo, obviously. Any reason not to be a gentleman about it?

And, contempt for indolent noobs, as it turns out, is still counterproductive. Because contempt by itself is counterproduct

Re:

[unixisc]

I do agree that Theo could use some manners, but his content is right - on one hand, RMS doesn't tire of preaching his 'free' ideology, and yet, he doesn't put any restriction on emacs or gcc running on something like Windows or MacOS. If he were consistent, he'd deprive those non-free operating systems of the treasures of gcc and emacs, so that they can run only on 'free' systems

Re:

[unixisc]

I meant contempt, not content. But I do agree w/ Onymous' main assertion - that contempt is counterproductive, and only serves to alienate people who might otherwise be willing to give OBSD a try, if not more

Re:

[Anonymous Coward]

The thing is, the OpenBSD folks have put a huge emphasis on writing good documentation for everything. Something not documented clearly/fully is considered a BUG by the developers.

Because of the work they put into it. They expect you to have read the documentation before coming to them with a question. Not just googling for answers, but reading the actual documentation that comes with the OS. If you can't be bothered to put in enough effort to RTFM, they don't want to deal with you. Seems reasonable.

Re:

[iggymanz]

actually, the real request is to read the excellent documentation (compared to say GNU/Linux) first before asking questions in forums.

Re:

[unixisc]

There is an opportunity here. Like Red Hat, the OBSD guys too could work on their own certification course, and have a legion of educators for people who have question. Would probably be a good way to grow.

Otherwise, having a hostile attitude towards people who don't fit their regimented notions of what a perfect learner should be is just going to ensure that OBSD, no matter how good, would continue to languish in the doldrums. Heck, even NetBSD could then overtake them in terms of popularity.

Protocol correctness?

[klapaucjusz]

Has anyone checked how correctly OpenSMTPd implements the SMTP protocol? The OpenBSD project has an unfortunate history of caring more about simplicity of implementation than correctness [debian.org] (see also this discussion [slashdot.org]).

Re:

[Freedent]

Your patches gratefully accepted. (But sweet fruitless grudge-holding in the meantime)

Re:

[eudaemon]

I suppose that depends on what you consider mastery. My home firewall runs BSD. I usually just grab a new disk and do a clean install, and mount the old disk to copy over whatever config files I need. With that approach instead of sysmerge which would actually be faster, I'm back up and on the internet in 1/2 an hour or less. After that I start with packages and again copy over config files, reviewing the files and release notes in case I have to make changes. And frankly to find any languishing TODOs I

I always forget...

[Paperweight]

Can someone remind me which is the good one? OpenBSD or FreeBSD?

Re:

[Anonymous Coward]

Both are good. OpenBSD for security, FreeBSD for performance, NetBSD for toasters.

Re:

[Mike Frett]

And PC-BSD for the Desktop. People seem to forget about that one, you know, the one with easy to install Packages (PBIs).

Re:

[Cherubim1]

If a PBI is not available in AppCafe one can always use ports w/EasyPBI

Re:

[BitZtream]

You think this is unique to PC-BSD? Have you used the others because the summary tells you there are prebuilt binaries for OpenBSD and FreeBSD has packages as well ... As does NetBSD.

I don't use NetBSD, and I don't use OpenBSD packages, but FreeBSD has had packages for at least 10 years, so since before PC-BSD forked ...

Why do people bring up this kind of shit as if its not common to all BSDs?

Re:

[unixisc]

PC-BSD ain't a fork of FBSD in the way, that say DragonFly BSD is. It's something that's developed in parallel by a team that's very much a part of the overall FBSD team, except that they are targetted towards desktop usage. So they've focussed on a few things not so important for FBSD, such as the PBI interface. I'd imagine that the next thing they should be working on is Wayland, which is not important for FBSD, but which would be very useful for PC-BSD.

Re:

[iggymanz]

that would depend on what you want to do and what you value in a server or desktop or laptop distribution.

Just for an example, let's take one thing that is BAD about my favorite server distro, OpenBSD. The filesystem is very slow and inflexible compared to ZFS on FreeBSD, no advanced storage operations like clone, grow or snapshot

yes!

[borkie]

This is a truly fabulous operating system. And for the ones wondering about version numbers, OpenBSD increases it by 0.1 for every release. And a new version is released every 6 months. Also, besides the mailing lists, there is a small but pretty capable community at www.daemonforums.org.

Re:

[ls671]

Samba X ?

http://xamba.sourceforge.net/sambax/index.shtml [sourceforge.net]

Re:

[Anonymous Coward]

You might want to read this [openbsd.org].

Install xbase53.tgz

[Anonymous Coward]

Samba requires xbase53.tgz (not sure why but yeah). Go to your root directory, and, as root, retrieve xbase53.tgz (you don't need the other X packages, just xbase) from your friendly local mirror. Then tar fzx xbase53.tgz to install.

Then pkg_add samba as normal. That should fix it.

Re:

[kthreadd]

Or I guess we would have seen MacLinux.

No, GPL does not force companies to use your code. It may only restrict them from using it.

Re:

[BitZtream]

so far all I see is a bunch of catchy tunes, and there butthurt jealousy of Linux's popularity, meanwhile complaining about how some distros have non-free firmware, and how unfree the GPL, along with some prophesizing about how OpenBSD is going to take over the world. Then some bashing of RMS as a hypocrit.

Show me where Theo tells about OBSD taking over the world, I'm fairly positive thats exactly the opposite of his goals. Otherwise, it seems more like your statement is you projecting your own feelings on openbsd. RMS is not a hypocrite, just a fucking douche you're too stupid to recognize as using you to further his own political agenda.

What they miss is the only reason that either RedHat, or IBM, or SuSE call what they sell "linux" and various distros are vaugely compatible with each other is because of the GPL.

What you call 'vaguely' compatible, the rest of us call a joke. Its why no commercial vendors put real effort into targeting Linux, because what you call compatible, real

Unix certifications of Linux, BSD

[unixisc]

I largely agree w/ the rest of what you wrote, but to claim that Linux does not meet the Unix specification begs for citations. It's true that Linux has never been lab tested to see whether it does or not, and for that matter, neither have the BSDs. OS-X has been tested and found to pass, so it's a good supposition that FBSD would pass as well. But to claim that Linux would fail begs for evidence. Chances are that Linux has not been put thru those tests b'cos it costs money - money that nobody woul

Re:

[Lennie]

Apple actually does give back.

Have a look at their work on WebKit and LLVM.