OpenBSD 5.4 Released

An anonymous reader writes "The release of OpenBSD 5.4 has been announced. New and notable advancements include new or extended platforms like octeon and beagle, moving VAX to ELF format, improved hardware support including Kernel Mode Setting (KMS), overhauled inteldrm(4), experimental support for fuse(4), reworked checksum handling for network protocols, OpenSMTPD 5.3.3, OpenSSH 6.3, over 7,800 ports, and many other improvements and additions."

Re:

[Anonymous Coward]

Wouldn't that be a little unsafe for OpenBSD's standards?

Re:

[Anonymous Coward]

If BSD is dead then I wouldn't be typing this on my BSD machine.

Re:

[davester666]

Maybe now it's undead?

Re:

[Anonymous Coward]

GNU is dead; BSD will live forever

Re:

[Mitchell314]

I'm disappointed nobody made a BSD parody of that Black Sabbath song.

Re:But ...

[billcarson]

Why, yes, yes it can. There is linux binary emulation available.

Re:

[Anonymous Coward]

FreeBSD supports i386 Linux emulation on 64bit

Re:

[Burz]

So now I can run my vulnerable apps on a vulnerable OS. If the emulation layer is enough to fool them. And this is better than just using Linux because? Oh right, you can jail apps now they can't access your video card or your files, that will show them.

Running apps under a hypervisor in Qubes is safer anyway, and it comes with Fedora. You get (safe) video, but not 3D unless you assign a whole video card to a VM.

Re:

[Anonymous Coward]

Dual-boot? If malware infects your BIOS, NIC, IPMI, or other device with embedded firmware through Windows, then your other partitions are fscked, whether or not they're encrypted, as soon as you boot them.

Re:Yawn.

[d33tah]

You actually woke up just to see the article?

Re:

[jones_supa]

:D

OpenBSD Rocks.

[grub]

Rather than slagging OpenBSD, set up a small VM and try it there for a while. It's a fantastic OS, I use it on my gateway/firewall/VPN, other edge-facing devices and a llaptop.

It's a bit minimal but what you get works.

Re:

[jones_supa]

What are the benefits over using Linux?

Re:OpenBSD Rocks.

[jawtheshark]

Look into the syntax of pf, then look into the syntax of iptables. Then look back again. If I can, I damn well avoid having Linux firewalls, and I'm a Linux system administrator.

Re:OpenBSD Rocks.

[K. S. Kyosuke]

What, iptables has a syntax? I thought it only had command line options.

Re:OpenBSD Rocks.

[gagol]

OpenBSD focus on code stability rather than features, uses encryption everywhere it benefits and consider documentation as critical. Overall, it is very stable and secure.

Re:

[Mitchell314]

In other words, boring and lame. :p

Re:

[Teckla]

If you prefer crashy and insecure, you know where to find it.

Re:

[Anonymous Coward]

No one had mentioned Windows until you just brought it up.

Re:

[Bengie]

Just the way sysadmins like it.

Re:

[BitZtream]

Are you a masochist? If you aren't, just use FreeBSD instead. You'll get roughly the same result, minus the pain and suffering Theo inflicts on others who listen to his rants as well as use his code.

Re:

[celle]

Are you a masochist? If you aren't, just use open source instead. You'll get roughly the same result, minus the pain and suffering Steve inflicts on others who listen to his rants as well as use his code.

FTFY

PS Steve Ballmer is still at Microsoft and Steve Jobs hasn't been dead that long so most of his decisions are still being used so it works for both Windows and Mac OSX.

Re:OpenBSD Rocks.

[grub]

I'd suggest starting here as a beginning: 9 - Migrating to OpenBSD [openbsd.org]
One thing I find OpenBSD is head and shoulders above other *nix OSs at: the documentation. Virtually every service, binary, config, library, /etc/*, what-have-you has a thorough manpage included. The emphasis on security and "correctness" shows everywhere: pf is fantastic (iptables is a cancer by comparison), the built-in IPSec is great, it's OpenSSH's "home OS", etc.

Everything fits very well together (as is also the case with FreeBSD and NetBSD). All the OpenBSD users could post replies to your question but the only way to see for yourself is to try it out.

Enjoy!

Re:

[tlhIngan]

One thing I find OpenBSD is head and shoulders above other *nix OSs at: the documentation. Virtually every service, binary, config, library, /etc/*, what-have-you has a thorough manpage included. The emphasis on security and "correctness" shows everywhere: pf is fantastic (iptables is a cancer by comparison), the built-in IPSec is great, it's OpenSSH's "home OS", etc.

Technically, documentation is required to ensure correctness - because if it's not documented, how do you know it's working correctly?

The fac

Re:OpenBSD Rocks.

[Anonymous Coward]

To me it is having a UNIX system that just works.
Sound, graphics, networking, documentation. Everything is just damn stable. I can update to the next version with no fear that it will break my system. Every new feature is a well thought and all over improvement on the previous version.
With Linux, it is always chasing a moving target that has many attractive features, but each fighting with each other and against the user. Today my WiFi won't work, tomorrow it will work but my headphones will be mute for no good reason. The day after tomorrow the apt database will get corrupted. Don't get me started on RPM.
I do have to renounce to some features and software that will only work in Linux, but in the end, it fits my needs the best.
As a programmer, I also find that when both systems solve a similar problem, the Linux solution usually feels more hackish and ad-hoc while the OpenBSD one(assuredly often in hindsight) feels like a real improvement.
I do always keep a Linux partition with the latest cool distro(currently Mint) but in the end I spend most of my time on OpenBSD.
As for FreeBSD, it is somewhere in a middle ground between Linux and OpenBSD, but, at least for me, that middle ground feels even less comfortable than either one.

Re:

[Waffle Iron]

With Linux, it is always chasing a moving target that has many attractive features, but each fighting with each other and against the user.

That's been the continual story of personal computing since the 1970s. *Somebody* has to go through the pain of integrating new capabilities into common use.

Re:

[VortexCortex]

Right. I use Debian Stable and OpenBSD. I find that for the most part they're quivalent in the "Damn, they broke shit again" department... Seriously.

Re:

[Anonymous Coward]

Debian Stable is comparable to OpenBSD in that there is a group of people(and that includes users) making sure the changes won't destroy people's systems before rolling out updates. QC, crazy, huh?
Similarities end here.
Debian Stable is effectively dead on arrival. By the time you upgrade to the next version, your software has only been getting back-ported "security" fixes for more than five years. It wouldn't be a bad choice if civilization ends tomorrow and that's the system you are stuck with. But it is h

Re:

[Anonymous Coward]

You mean like ASLR, drive encryption, stack canaries, W^X? None of these were invented there but they were common and integrated into OpenBSD long before any Linux.

Re:OpenBSD Rocks.

[cptnapalm]

I have this truly bizarre UltraSparc laptop. The only two operating systems which will support it are Solaris, obviously, and OpenBSD. Solaris was extremely sluggish whereas OpenBSD with Awesome is quite spry.

Re:

[armanox]

Is it a Tadpole computer? I don't know of too many UltraSparc laptops. I'd consider buying one if they were still available.

No luck with GNU/Linux?

[Wootery]

GNU/Linux [debian.org] didn't work?

Re:

[eudaemon]

Well you can find out for yourself at the OpenBSD home page, which explains their approach to security: http://www.openbsd.org/security.html [openbsd.org] OpenBSD is definitely an educate yourself then ask questions sort of OS. I'm not slagging on you, just saying it makes more sense for me to post a link than try to recreate the contents of the webpage it goes to. Check it out. Decide for yourself.

Re:

[jones_supa]

Reading the comments above and reading some material, my impression now is that it is more robust than Linux, but requires more effort to set things up.

Re:

[larry bagina]

OpenBSD wasn't developed by the NSA.

Re:

[drinkypoo]

Last time I used it, it was a very long time ago, and I had to throw it away because the intel NIC driver that I was using (some kind of 10/100 cards) would choke eventually if you had more than 1 in the system, and I had 4.

Now I shall try it again on my olde timey original Atom netbook (Acer Aspire) which I've been putting off installing with anything for lack of anything modern that I wanted to run on it. This is close enough. I ought to have one machine I can kind of trust.

Re:

[Anonymous Coward]

Hahaa! Straight into the trap!

Re:

[ISoldat53]

Has it changed much since 2003? That's the last time I tried to use it and that's when my manuals are dated. Not a dig, it's just I haven't tried it since.

Re:

[grub]

They release a new version every 6 months, so your last info is about 20 versions behind...

Re:

[Burz]

OK. I'll set one up in a Qubes VM... that way the system will stay secure. :D

This is the year...

[JosefSit]

Yay, this is the year of the BSD-Desktop!

Re:

[kthreadd]

It could very well be. I just tried it on one of my desktops. Gnome 3.8 worked really nice on it and even had accelerated 3D graphics.

Linux on my servers, NO WAY.

[eshaw]

There's only one solution when it comes to my network and servers, that's OpenBSD. It's secure, stable and correct coding making it an easy choice. I run a VPN, Web and redundant Firewall servers and OpenBSD gives me a piece of mind, ensuring it's stability. Stability and security are paramount for my network. PF is the king of firewall rules and iptables is an absolute mess. It's simple folks. If you want a serious OS for internet facing infrastructure, why choose anything else. OpenBSD is the obvious answer!

Re:

[Burz]

I run a VPN, Web and redundant Firewall servers...

Great. Welcome to 1999!

Re:

[eshaw]

Thanks. I've probably been supporting servers before you were born, but thanks anyway juvenile.

Re:

[dbIII]

Great. Welcome to 1999!

Why not? They have cooler spaceships than we have now.

Re:

[fisted]

Dear fanboy, take a look at what ISPs run. No, it's not OpenBSD, but it sure as hell isn't Lunix* either

(*) The losers' unix

Re:

[eshaw]

Obviously you have to hide yourself, posting anonymously! Only COWARDS speak in hiding!!!

Re:

[fisted]

obviously you have replied to the wrong post

Re:

[eshaw]

Yeah, plenty of ISP's use OpenBSD, BSDs generally.

Re:

[Ducho_CWB]

Dear fanboy, take a look at what ISPs run. No, it's not OpenBSD, but it sure as hell isn't Lunix* either

(*) The losers' unix

Windows 2012 R2 LOL Version.

Re:

[dbIII]

ZFS
You say you are literate, try reading where it is up to on each platform.

No signatures, just checksums?

[Anonymous Coward]

From the FAQ:
"The OpenBSD project does not digitally sign releases. The above command only detects accidental damage, not malicious tampering. If the men in black suits are out to get you, they're going to get you."

Seems a bit fatalistic not to provide any verification method at all...

Re:

[Anonymous Coward]

The reason is that you should not rely on any binary release. Download the source code. Audit it. Then build and install it from your own copy.

Re:

[eneville]

Or buy the cd set from openbsd!

... and the men in black suits will deliver your post ...

Never mind the features, what are the benefits?

[petes_PoV]

Or, to put it another way:

What would I be able to do with a box running this that I couldn't do with <operating system X> for any current, contemporary O/S. Let's not talk about potential uses - but real, live, switch it on, press buttons and do stuff type of uses. Things that no other O/S or box running that O/S can do? What are they?

Re:

[VortexCortex]

Jail.

Re:Never mind the features, what are the benefits?

[Noryungi]

What would I be able to do with a box running this that I couldn't do with <operating system X> for any current, contemporary O/S.
Let's not talk about potential uses - but real, live, switch it on, press buttons and do stuff type of uses. Things that no other O/S or box running that O/S can do? What are they?

One word: pf.

Best. Firewall. Program. Ever.

Running the latest and greatest version of OpenSSH is also interesting.

New & extended platforms?

[unixisc]

If they are adding new or extended platforms, instead of octeon or beagle, how about adding Itanium support? B'cos I think they have most others covered - SPARC, POWER, MIPS, and anything still surviving

Re:

[Drinking Bleach]

It requires a system capable of VT-x/AMD-v and enabled as well.

this summary sucks

[Anonymous Coward]

I don't think most people care about vax moving to elf and fuse is definitely not of any use until at least the next release. for me one of the biggest improvements was in the the rewritten dhcpd/dhclient tools. also some nice incremental performance improvements and lots more posix features added. and as usual the amazing man pages just keep getting better with every release (if that's possible). finally just quoting the number of ports doesn't really give an idea of how current the software collection is.