FreeBSD 4.0 Released 227
Claes Leufven was one of the first to write in with the news that FreeBSD 4.0 is
now available for download. Features added to 4.0 since it diverged
from 3.x include: IPv6 and IPSec support built in (courtesy of the
KAME project), OpenSSL and OpenSSH are integrated in to the base system,
jail(2) ("chroot(2) on steroids") to help build secure environments,
many, many NFS bug fixes and performance improvements, bug fixes and
performance improvements to the VM subsystem, netware file and client
connection support, gcc upgraded to 2.95.2 as the base compiler, better
support for laptops, a much more complete threads library. . . see the
Alpha or i386 release notes for more details. And before you all rush off to upgrade
your production servers, read on for a brief message from Jordan Hubbard,
FreeBSD's Release Engineer, and to find out where to download the release from.
"As with all FreeBSD releases ending in .0, the project recommends that production environments wait at least one or two releases after it before moving mission-critical services over. These dot-zero releases are primarily aimed at the developers and early adopters who are willing to work on refining the technology until it's production-ready. The 4-stable branch will also not be created until just before 4.1 is released, the period following a .0 release being the best time to collect serious feedback before branching the tree."
For a static list of mirrors, see this section in the FreeBSD Handbook. Alternatively, try Gavin Cameron's automatically updating list of mirror sites.
Re:Why use FreeBSD when you have Linux? (Score:1)
This is funny, at least in part its true I think, FreeBSD uses the more traditional BSD hierarchy for its filesystem and has a BSD style init for example. Seen from within the BSD world however FreeBSD are the ones that are not very traditional ;-)
In terms of stability, the two are pretty much neck and neck, AFAIK.
Hmm... I'd think that FreeBSD does a little better here.. only slightly.
In general stability is good in both cases, and hardly a reason to choose one over the other unless that little bit if extra stability does make a difference for you. /usr/ports, unless you have actually used it a few times you simply can't imagine how nice this is. It basicly provides sceletons for almost everything that is known to build on FreeBSD that will retrieve the source, apply patches, configure, build and install any of all those programs with just a single command.
What I find convincing reasons are for example:
- Being able to update (and upgrade) the entire distribution from the centralized source tree (using cvsup). No more problems because of library versions when upgrading to newer versions etc. You can track the development version (-CURRENT) which can be automated if you want so you can have the latest development sources etc on your machine, or you could track the STABLE branch if you are interested in having all patches and fixes and other updates after they are well tested.
-
- FreeBSD as mentioned uses a BSD style layout for its filesystem. This layout is far more consistant then the more sysV style layout that Linux (and most modern Unix variations) has, and because of that is easier to learn.
- FreeBSD behaves far better under stress then Linux. interactive response on a heavily loaded machine can get really bad with Linux, I have not seen that happen on FreeBSD, it gets slower, but its a long way to get it to a state where it becomes unusable.
- The BSD ip stack. This is the best documented and most widely used ip stack. FreeBSD has it with many enhancements.
- netgraph, which is far too much to explain here, but see this as something thats way cool if you are doing serious networking with different media.
- FreeBSD's ipfw + natd perform better, are more flexible and have better functionality then Linux' ipfw/masquerading stuff.
- With all those advantages, you are still able to run virtually any Linux app, so you can't loose
Please not that I'm running Free,Net and OpenBSD, as well as Redhat, slackware and debian Linux. All those have their advantages, and in many cases they are almost interchangable. Of those I prefer FreeBSD since it seems to combine most of the advances of Linux in hw support etc with the things that BSDs are traditionally good at.
Re:That was Linux in 1997 maybe. (Score:1)
The Linux filesystem layout makes perfect sense. It is a mix of the best BSD and UNIX features.
I never said it did not make sense, but I do say that BSD is stricter in what they put where. Stricter rules results in easier to find because things are more often where you expect them to be. A good example for Linux and system V like systems in general is the things they stick into /etc BSD does not have any executable binaries there, just scripts and config files.
Anyway, like I said, Linux' fs layout works and even more, works perfectly well. BSD's layout has a few distinct advantages over it when managing a system to my experience.
You like what you already know though.
As you can read from my previous post I know a few linux and a few bsd dists. what I didn't mention there, but what might be nice to know is that I also use Aix, Solaris, Irix and HP-UX. I think I am used to both, but have a preference.
The BSD IP stack is lame. It is almost as good as the Linux 2.2 stack, but Linux 2.4 is almost ready. While BSD still has a big SMP lock around the kernel (like Linux 2.0), Linux now runs the IP stack on multiple CPUs at the same time.
I am quite aware that many claim that the Linux stack is faster. In my day to day experience I see little difference in performance, tho Linux tends to be faster on a relatively quiet network while FreeBSD is faster on a heavily loaded network to my experience. SMP on FreeBSD is no as efficient as on Linux 2.4 (which is not yet there) but will get a lot better when the code merge between FreeBSD and BSDi gets on its way. And ehm... tho it is important for many purposes, the very vast majority of the machines currently is single cpu, so eventho this is most definitely an area where Linux will have a performance advantage soon and will keep it for a while, this is only for a small (but growing) number of installations. ;-)
It is also funny to note that I have a SMP machine, and I have both FreeBSD 4.0 and a recent Linux 2.3x on it. I strongly prefer FreeBSD, not because it performs better, Linux runs my quake II better at least, but.. no matter what I throw at it, with FreeBSD it keeps running and stays responsive, something which Linux doesnt seem to do as well by quite some margin. So for a server, eventho Linux might be more efficient in cpu cycles, FreeBSD will perform better to the users experience.
It is also something to consider that FreeBSD contains a BSD stack with many enhancements, do not compare that to a plain BSD stack, it performs a lot better.
Linux ipfw is a 2.0-era feature. So whats the alternative?
As far as I'm aware the masquerading part is still pretty much intergrated, which causes the inflexibility that I was mentioning.
As I mentioned in my original post, all the open source unices have their advantages, you managed to spot one advantage of Linux, congratulations.
For the rest, your post implies that I was talking about a very old Linux version while in fact I am talking about a fairly recent one.
The question was not why would someone try Linux, but why would someone try FreeBSD. If you want to advocate Linux, go annoy MS fans with that. If you have on topic answers, or actually have arguments to prove my statements wrong then please feel free to post them here
Chroot (Score:1)
thanks!
Re:That was Linux in 1997 maybe. (Score:1)
No, I don't mind. But the point was that, at the stage Debian is right now, implementing the capability to upgrade itself from source packages would be easy, since most of the infrastructure is there. For some reason it hasn't happened.
I wasn't aware that Debian actually has no binaries in /etc, just that it was far less of a mess then most other dists, thanks for the correction.
Debian's filesystem policy is quite strict. All config files in /etc, shareable static program data in /usr/share, nonshareable program data in /usr/lib, program state in /var, save for very few documented exceptions (like /usr/X11R6, and a couple others).
A have a few more quuestions about this... is /sbin a symlink? (and can anyone explain me why it should be a symlink to /usr/sbin ?
Where did you see a setup like that? Sounds positively brain-dead...
I've run Red Hat (ugh) and Debian, both have a /sbin and a /usr/sbin directory.
If the argument would be about what is theoretically possible, that would all be fine, but the argument is about real world things in use today.
Point taken, but then again, the point was not that Debian in some remote future might be able to do that, but that the infrastructure to do so is almost there; "apt-get source [packages] --compile" will grab package sources and build binaries from the net (doesn't install them). And apt-get can already automatically upgrade binary packages from the net. Thus the capability to do source upgrades is actually being worked on, and will probably materialize this year.
---
Re:That was Linux in 1997 maybe. (Score:1)
Debian's apt-get can upgrade everything in the system from binary packages on Debian mirrors.
I am talking about a basicly single command upgrade of the ENTIRE system from source including getting that entire source (or updating the one you already have).
Debian does not do automated upgrades from source, but it'll get to that point. The ability to build packages from sources is already there, in the program "debget". It would not take much to create a program to download source packages that have been updated, build the binary packages, and install them.
A good example for Linux and system V like systems in general is the things they stick into /etc BSD does not have any executable binaries there, just scripts and config files.
Again this is not the case for Debian. Debian has no executables in /etc. (Can you tell I'm a Debian user? ;)
---
Re:That was Linux in 1997 maybe. (Score:1)
I've thought that a couple of times. The package management systems I hear the most praise about are apt-get/dpkg and the ports system.
---
Um, but nobody's said that. (Score:1)
- A.P.
--
"One World, one Web, one Program" - Microsoft promotional ad
Re:OpenBSD, come in from the cold. (Score:1)
Every line of code in OpenBSD has been audited, crypto has been used pervasively (not just applications, but in libc and the kernel) and the team is more than willing to say "no" to features which would negatively impact on security.
The first and last of the above points make integration difficult. Most people cannot be bothered and are not able to perform real security reviews and most people are more interested in features than security.
Re:Why use FreeBSD when you have Linux? (Score:1)
In terms of stability, the two are pretty much neck and neck, AFAIK.
Re:OpenBSD, come in from the cold. (Score:1)
Re:OpenBSD security? (Score:1)
What's improved in the thread libraries? (Score:1)
What exactly does this mean? Does FreeBSD have actual kernel support for userland threads now?
For example, can I write a multithreaded application and have the whole thing not block when one thread blocks on IO? I'd love that; it's what's keeping me from getting NASD [cmu.edu] running on FreeBSD now.
Personality clashes, FreeBSD != NetBSD (Score:1)
Of course, the different focus on OpenBSD and FreeBSD might be enough to prevent a merge.
Re:Are their not legal issues to OpenSSH/SSL??? (Score:1)
I believe it's the RSA public key algorithm that is coming out from patent this year, not DES. DES was made a US data processing standard for everyone to use, I don't believe it was ever patent encumbered in any restrictive way.
Re:Chroot (Score:1)
This lets you set up a very limited set of programs and data files, and then force a process to use that instead of having access to the entire file system.
Why is this useful? Two reasons:
- It's easier to secure a system when you're only dealing with a few binaries and configuration files. My home box has 200,000+ files on it: you think I've got them all properly secured? Heck no!
- Sometimes you want to set up varying levels of protection: say, one level for the people you let telnet in, and another level for anonymous FTP users. In fact, all decent FTP daemons can chroot themselves. Have you ever FTP'd into a server and found
/etc, /usr and other Unixy directories at the top level, but almost nothing in them? That's because the administrator has set up a chroot'd environment for anonymous FTP users.
I don't know what FreeBSD's jail(2) call adds, but that gives you a good idea of its base capabilities.--
Re:TokenRing support? (Score:1)
OC-3136, OC-3137, OC-3139, OC-3140, OC-3141, OC-3540 and OC-3250.
Re:Are their not legal issues to OpenSSH/SSL??? (Score:1)
For 4.0, with the integration of OpenSSL, the issue is not so much US export restrictions. It is the patent restrictions on RSA within the US. The solution is to have three possible states: No RSA, RSARef (only legal in the US and then only for noncommercial use or with a licence) and the international RSA code. 4.0 will dynamically link in RSA if you have the correct version, and print out an error message if you try to use RSA without the libraries installed.
-Jeremy
Re:BSD More mature in inverse maturity level of bi (Score:1)
Re:This isn't Freshmeat... so what? (Score:1)
The KAME project (Score:1)
Does anyone else here share this opinion?
Could it be related to the fact that it is centered in Japan?
----
Re:OpenBSD, come in from the cold. (Score:1)
What can be changed once can be changed again - if the main CVS servers were moved to the US, it would leave them vulnerable to future legislation.
Re:Glad to See... (Score:1)
AC wrote:
As a FreeBSD committer, you can rest assured that I knew about the release long before you did.
We had lots of submissions about this, most of them about the fact that the RELENG_4 tag had gone down on the source. Of course, this is next to useless for most people, because it's still not released and available on the FTP site.
We (or, more precisely, me) waited until I had confirmed that JKH had rolled the release, and that binaries had been picked up by a few mirrors. You can rest assured that there is no "pressure from above" to hold off on BSD stories, and that if there was, I'd be the first to talk about it.
N (nik@{freebsd,slashdot}.org)
Re:Why use FreeBSD when you have Linux? (Score:1)
Sorry to dip my little fly in your ointment: www.google.com is running GWS/1.6 on Linux [netcraft.com].
Not meant as trolling, just as a small correction of your facts ;-)
Regards
tom
Re:What's improved in the thread libraries? (Score:1)
Are their not legal issues to OpenSSH/SSL??? (Score:1)
AFAIK, you cannot use either in the US due to use of the DES algorithm that is under a patent until the end of this year. Is FreeBSD allowed to release it now because of their partnership/ownership with/by BSDi???
Also, I was under the impression the stock OpenSSH/SSL still included bit sizes greater than the new limits on encryption export set by the Clinton administration (56/512 or 64/512 are they?). I could be mistaken though (no expert here ;-).
Any clarity would be greatly appreciated.
-- Bryan "TheBS" Smith
I admit, I am interested... (Score:1)
1 - There does not appear to be an ISO image available. Is this true? A URL for a 4.0 iso image would be heavenly
2 - Either way on number 1, I would also be interested in booting from a diskette, and doing an FTP install (a' la RedHat, and maybe other distributions too). Possible?
3 - I like KDE. Well, I like it more than any other Windowing System. Is this part of the standard 4.0 install?
4 - Sadly, I will still likely have to leave a Win partition. Does FreeBSD use LILO? I have a little experience with it, and would prefer it over another boot manager.
5 - The warnings about the lack of stability in a
6 - Heck, what's the word on 3.3? If I am installing it on a machine as I described above, should I just forget 4.0 and do the 3.3 thing? What about hardware support. The machine is a pretty much stock Dell workstation. It would be nice to run at a decent resolution and be able to play some MP3's through the sound card (I haven't checked, but I am sure it is a built in). I know the details are too sketchy for you to say for sure, but in general, do these things work out of the box for a 3.3 install? Is there better/more support in 4.0?
Re:BSD's (Score:1)
Free - largest install base. Oldest, most proven version of the BSD's.
Open - most secure
Net - runs on just about ever piece of silicon ever made. Old Sun 3/80's, old Amigas, serious old machines. They used to have more ports than Linux, and I think they still do have more, but the Linux crze is definetly helping Linux catch up to the work that the NetBSDers have been doing.
Re:Why use FreeBSD when you have Linux? (Score:1)
People could argue that that's bloated too.
Re:OpenBSD, come in from the cold. (Score:1)
...that is, until EROS gets rolling. And, believe me, it _will_ Real Soon Now.
The numero uno reason there has been 0 progress on that recently is that since the head honcho is currently working for IBM, the code he writes becomes their property. Since EROS is a GPLed project, there is a teensy conflict there...
Fortunately, Jonathan Shapiro has decided to leave IBM to work in academia
Of course, if you can't wait a year or so for security, then OpenBSD wins
OpenBSD security? (Score:1)
What makes openbsd so much more secure than any other OS like Linux, or more specifically, FreeBSD? I think it is fair to say that FreeBSD is secure and stable in the extreme (case in point, Walnut Creek). So why is OpenBSD better?
And the hardware support ... (Score:1)
Post a link (Score:1)
Re:Chroot (Score:1)
I'm not affiliated with them -- just impressed.
Double Phfff. (Score:1)
What you seem to be asking is which license makes the best software, and again, no such proof exists, because it's the people that make the code, not the license.
It's often argued that the GPL is better because "I don't want some stinkin company makin any money off my code". They're going to make money off your code no matter which license you use. The difference is whether or not you want to see if they changed your code so you (and others) can use it too.
The quality of your code remains the same. Other coders who are Open Source advocates that pickup on your code are going to give their changes back of course, and in this case, the license doesn't matter at all. The code will improve.
So then if you still say, "But they're making money off my code," then it's no longer about the code really is it? It's about money, and if you were so worried about money, maybe you should have kept your source code closed and sold the program for a bundle huh?
This is why, if you're honest about Open Source, and respect what it can do, it doesn't really matter *which* license you use.
TCP/IP Started on BSD Unix (Re: Did the Internet) (Score:1)
The Internet not only started on Unix, it was born on BSD, as was Sendmail, Vi, etc.
ho'in (Score:1)
Re:OpenBSD, come in from the cold. (Score:1)
This difference is, of course, the result of the distributions being separated. Start combining them, sacrifices will be made. Just look at something like RedHat. Version 6 is becoming very Windows-esque in its size. Why is it so big? RedHat wants to market it to everyone, just like Windows. Go figure.
The point is specializing. Focus on one thing, you'll do it quite well, focus on several things, you won't do any of them nearly as well. I personally enjoy having the three distros. FreeBSD for my workstation, NetBSD on my old crappy hardware, and OpenBSD keeping the nasty world out. (Besides, I have no problems with an excuse to keep another computer around)
Mr. Ayo
Re:Installer/Initial configuration. (Score:1)
-----------
"You can't shake the Devil's hand and say you're only kidding."
Re:XFree86 4.0? (it's here) (Score:1)
Re:Doggie-2k (Score:1)
Doggie-2k (Score:1)
win2k would be superior to anything
Versioning has a useage in real OS's, another
proof is the lack of multiple DLL's with different
versions in windows, where as UN*X can differentiate the so's with respect to their filename. (libc.so.3)
Re:Shipping crypto out of the US... (Score:1)
Its more an issue being a US business and wanting to pay or not pay RSA lisc. fees.
No, it's a result of RSA being patented in the US, but not in the rest of the world, and RSAREF not being available outside US because of crypto laws. But the fact is... FreeBSD deals with this issue for you, OpenBSD doesn't. OpenBSD requires more manual steps than FreeBSD.
So what he said is perfectly correct. Stop whining.
Re:Installer/Initial configuration. (Score:1)
No, you don't. This is done at installation.
Re:Did the Internet start on Unix? (Score:1)
I suspect that novel is with us today because of their early business was to build hardware and software to help connect early military computers to the DARPA network. Some of these were then put on the Internet and some of them still are pingable.
Most of the very early stuff (ip v1, etc) was not done under unix but the rapid growth resulted from the easy access to BSD.
Re:Installer/Initial configuration. (Score:1)
Re:How long has it been? (Score:1)
4.0 Finally out? Wow! I've been in the open source scene for about 4 years. I think in that time it was always in the 3.x series. Man that's almost as bad as Microsoft.
Wonder how many more years until it will be version 5.0
You're smoking something. 3.0 came out in October of 1998. Even then, the last release of 2.2, 2.2.8 came out in December 1998.
That's about one and a half years, not four.
-Corydon76
Another reason (Score:1)
Chris Hagar
Thats funny... (Score:1)
Re:Whee.... (Score:1)
Re:Why use FreeBSD or Linux when you have Windows? (Score:1)
Nifty! (Score:1)
Re:Concerns about OpenBSD remarks in all the posts (Score:1)
I'm not convinced that OpenBSD's "increased security" is significant enough to justify using it over FreeBSD or NetBSD. Except I'm going to be likely to start off a religious war with THIS one.
Re:HUH? Re:How long has it been? (Score:1)
2.2.8->3.0 was aout-to-elf, however.
Re:HUH? Re:How long has it been? (Score:1)
So it isn't an excuse for the time of the release cycle (which doesn't need an excuse, by the way), is my point. Using the fixes in lite2 didn't make the path to RELENG_3 harder. It made it easier.
Re:Installer/Initial configuration. (Score:1)
Try it.. Oh, and don't freak out when you 'free' and see half your memory gone; FreeBSD has a different memory management style than Linux.. I've had more than one frantic email over that!
Re:Why use FreeBSD when you have Linux? (Score:1)
Re:Another reason (Score:1)
Most of the OpenBSD user-land security fixes, and a good proportion of the kernel ones, are being merged back into FreeBSD (I'm should know, I'm doing the work myself). Expect to see a lot more focus on security in FreeBSD in the future.
Does this mean that OpenBSD will lose its market niche? I don't think so - they'll always be more security-paranoid than the rest of us are willing to be, I think (some of the changes they've made involve breaking backwards-compatability or introducing changes which have other slight negative side-effects, in the name of security)
Re:OpenBSD security? (Score:1)
Most of the bugs they fixed fall into the "paranoia" category, i.e. they could conceivably lead to a security problem if the admin does something really weird with the program, but under 99% of normal use they're just a regular bug which causes the program to fail.
Re:What's improved in the thread libraries? (Score:1)
Blocking on syscalls should not be an issue with libc_r (and this is also the case in 3.x - the changes to the 4.0 libc_r weren't in this area).
Re:Is the Linux emulation good enough to... (Score:1)
Basically, the FreeBSD kernel reconfigures itself to look like a Linux 2.2.x kernel from the point of view of a linux binary ("I can't believe it's not Linux!") - quite cool, really.
See http://www.freebsd.org/handbook/x20065.html ("How does the Linux mode work?") for a more detailed explanation.
Re:Why use FreeBSD when you have Linux? (Score:1)
Re:Chroot (Score:2)
FreeBSD Installation (Score:2)
You see, FreeBSD has a feature that only debian seems to rival for pure beauty. It's the ports directory. To install gnome, for instance, it's cd
and there you are, it'll fetch everything it needs, checksum the files for validation, and ramble on nicely.
I used to be a huge Linux fan. I still love Linux, but prolonged exposure to the BSD family as well as Linux has raised my desires for an OS almost unreachably. Try it, use it for a few months, and enjoy all the *ixs.
----------------------------
Re:is an ISO available, yet? (Score:2)
--
Solaris is closer to Linux IMHO (Score:2)
That being said, I think
--
What about automated testing? (Score:2)
I wonder if they use any tools for program validation. Stuff like the boundschecking gcc, or stuff similiar to Purify. Is it really only experienced devlopers staring at the code? Guess the NASA does er.. did slightly better in the past.
I'm not convinced that OpenBSD's "increased security" is significant enough to justify using it over FreeBSD or NetBSD. Except I'm going to be likely to start off a religious war with THIS one.
A system like FreeBSD is evolving quickly. Every day lots of lines of code get changed. Not every change has implications that are easy to grasp. To me, not experienced in security auditing, only exposed to theory of program testing, this looks like I either have a secure but slow evolving system or a quickly evolving system with potentially new security holes opening up.
Let's take the change to IPv6 for instance. You can't tell me that this will not go hand in hand with a lot of holes.
Back to automated testing:
I know that this is very hard to be done with complex programs, one reason being that it is not easy to come up with a formal specification to test against. I also don't expect that someone is able to give pre- and post conditions for every statement. But it should be able to perform a lot of the static and dynamic tests that are known to computer science.
Is this methodology not used in the domain of operating systems security or do they not talk about it? Or is it simply not possible or useful?
Linux emulation - not rocket science (Score:2)
You should have no trouble at all with already ported Linux apps. For example try this
marc@oranje$ cd /usr/ports/www/linux-netscape47-navigator
marc@oranje$ make install clean
marc@oranje$ netscape
and you can fire up Linux Netscape after a while.
For non ported applications the only trick to know is that a Linux binary perceives the file/directory hierarchy a bit different - it sees all stuff beneath /usr/compat/linux/usr as beneath /usr. Example:
marc@oranje$ pwd
/usr/compat/linux ../bin/bash # Linux bash /usr
/usr /bin/pwd # a pwd within FreeBSD
/usr/compat/linux/usr # you see the mapping?
marc@oranje$ uname
FreeBSD
marc@oranje$
marc@oranje$ uname
Linux
marc@oranje$ cd
marc@oranje$ pwd # a pwd within Linux system
marc@oranje$
marc@oranje$
Hope that helps - if not seed me an e-mail!
Re:Linux emulation - not rocket science (Score:2)
For me that didn't quite work (under FreeBSD 3.4). I still have to set SOCKS_NS to my local host address. I poked around in the linux /etc, but it seemed to be set to do dns correctly. I guess I need more Linux sysadmin knolage to make all the emulated-linux stuff work right.
I guess I'll know if I still need it under 4.0 this weekend...
Re:Installer/Initial configuration. (Score:2)
>is the installer for this new BSD or any other
>fairly "friendly"?
It sounds like you're ahead of the curve (i.e., clueful of what to do at a shell prompt, knows
the what and why of disk partitioning at least for workstation configs, won't totally freak out if you have to add your HorzSync and VertRefresh to
The installer for freebsd is a fairly friendly dialog-based script; the packages are tar.gz's.
Check the supported hardware before you even start though, as you should do for any os.
There are a few potential snags, but if you thought installing suse and slackware was easy, you'll be able to install freebsd in your sleep.
Re:Why use FreeBSD when you have Linux? (Score:2)
Concerns about OpenBSD remarks in all the posts (Score:2)
As seen somewhere in the posts:
>OpenBSD is more secure because 'they' say so.
>Now, why do 'they' say this?
>At one time, all the code was gone through line >by line looking for problems.
My response: (and other responses to other concerns follow. I qoute the OpenBSD website alot.)
Its not "at one time" as in past tense only concerning the security audit. Please read the security section [openbsd.org]-audit process of the OpenBSD website [openbsd.org]:
We have been auditing since the summer of 1996. The process we follow to increase security is simply a comprehensive file-by-file analysis of every critical software component. We are not so much looking for security holes, as we are looking for basic software bugs, and if years later someone discovers a the problem used to be a security issue, and we fixed it because it was just a bug, well, all the better. Flaws have been found in just about every area of the system. Entire new classes of security problems have been found during our audit, and often source code which had been audited earlier needs re-auditing with these new flaws in mind. Code often gets audited multiple times, and by multiple people with different auditing skills>.
The most intense part of our security auditing happened immediately before the OpenBSD 2.0 release and during the 2.0->2.1 transition, over the last third of 1996 and first half of 1997. Thousands (yes, thousands) of security issues were fixed rapidly over this year-long period; bugs like the standard buffer overflows, protocol implementation weaknesses, information gathering, and filesystem races. Hence most of the security problems that we encountered were fixed before our 2.1 release, and then a far smaller number needed fixing for our 2.2 release. We do not find as many problems anymore, it is simply a case of diminishing returns. Recently the security problems we find and fix tend to be significantly more obscure or complicated. Still we will persist for a number of reasons.
The auditing process is not over yet, and as you can see we continue to find and fix new security flaws.
Concerning comments about how OpenBSD doesn't install 100's extra non-vital programs by default (somehow making it bad), or have "xyz" service enabled - I go back to the OpenBSD website again:
To ensure that novice users of OpenBSD do not need to become security experts overnight (a viewpoint which other vendors seem to have), we ship the operating system in a Secure by Default mode. All non-essential services are disabled. As the user/administrator becomes more familiar with the system, he will discover that he has to enable daemons and other parts of the system. During the process of learning how to enable a new service, the novice is more likely to learn of security considerations.
So here's my thoughts.. If you want Foo app. Get it. Install it. Use the ports. The whole point of OpenBSD is to be secure and correct. Some of the philosophies which they use to achieve their goals may rub you the wrong way. Thats ok, don't use OpenBSD. Please just don't unnecesarrily disparrage it. I've just noticed an overall trend of a lack of understanding of the OS here on multiple posts and I wanted share a few concerns I had.
Re:Why use FreeBSD when you have Linux? (Score:2)
Re:I admit, I am interested... (Score:2)
the dd method is ancient, the cp functionality is fairly recent...
oh, and matt, we have an officers' meeting tomorrow (I guess its today now)
We are all in the gutter, but some of us are looking at the stars --Oscar Wilde
Re:I admit, I am interested... (Score:2)
Heh.... you're lucky I was up late playing Zelda64
hahahaha offtopic, perhaps?
"Software is like sex- the best is for free"
-Linus Torvalds
Re:Quick Question (Score:2)
No, I'm sure he's not dead, otherwise it would have made Slashdot headlines. He probably got fed up with these goddamn trolls and the rest of the bullshit that Slashdot's comments section has deteriorated to and moved on to better places. I'm starting to get fed up with it as well.
"Software is like sex- the best is for free"
-Linus Torvalds
Re:Whee.... (Score:2)
cd
make install
Wow... it downloaded gnome, realized it needed gtk, gnome-libs, and a bunch of other stuff, downloaded that, compiled, installed, and worked PERFECTLY. Wow. Another FreeBSD convert here (and I've only been running for 15 minutes!
"Software is like sex- the best is for free"
-Linus Torvalds
Whee.... (Score:2)
As a side note, though, the damn FTP server keeps kicking me off and I have to keep reconnecting, and none of the other servers have 4.0. Well, it's a good thing this FTP install is well-written and I don't have to start over every time
Anyway, I'm getting 70 KB/sec when it's working, so I guess it's not slashdotted too horribly
"Software is like sex- the best is for free"
-Linus Torvalds
Re:I admit, I am interested... (Score:2)
I don't understand why people always say to use dd to make boot floppies. Why not just do this:
cp kern.img
?
Works fine for me here (under Linux, anyway)
"Software is like sex- the best is for free"
-Linus Torvalds
Re:I admit, I am interested... (Score:2)
2. Yes. Install options are: CD, FTP (the two most popular), NFS, and local filesystem (Existing FreeBSD installation or DOS.) PPP and DHCP are provided for FTP installs.
3. KDE is not a "Linux" program (I know you didn't say that, but I can't stress it enough.) It's not "part" of FreeBSD anymore than it is a part of Linux. It's a third party program. If you install X during the installation, you're asked what Window Manager to install, and you can choose from KDE, Afterstep, WindowMaker & GNOME (not sure which WM.) Even if you don't, you can get the source for KDE and compile it yourself (Or let the Ports System do it for you.) It's also available as pre-compiled Packages (which is what sysinstall uses.)
4. FreeBSD comes with booteasy, but you can use any boot manager you want. There's better to choose from than LILO (and booteasy too.)
5. Warnings about using
6. 3.3 is old already. The latest release from the 3.X branch is 3.4. There will still be a 3.5-RELEASE(May), and then that will be the last from the 3.X-STABLE branch. 4.0-STABLE now exists, and 4.1-RELEASE will be a snapshot of that some time in June. 5.0-CURRENT is now 2 days old, and branched from 4.0. That's where all the development (and merging of BSD/OS code) will take place.
Sound is not in the GENERIC (default) kernel. That's something you'll have to compile in yourself. (MUCH easier than a Linux kernel compile btw. Add one line and do the config & make, etc. You don't have to sit through a Q&A session. [Not saying that's bad, just informing you of the ease with which a BSD kernel is made.])
Decent resolution? I assume that means X (XFree86 in this case), and like KDE, X is a third party program. The resolution you achieve now will be the same no matter if you use Linux or FreeBSD.
For hardware support in 4.0, read the link to the release notes that were provided in the story. (Sorry, you'll have to do that one on your own you lazy bum.)
Okay, I'll bite. (Score:2)
Hey Rob, Thanks for that tarball!
XFree86 4.0? (Score:2)
Does anyone know which version of X is included? I couldn't find any references to it in the release notes.
Cthulhu for President! [cthulhu.org]
Re:Nifty! (Score:2)
Recompiling the kernel definitely takes less time, so I guess I could say that the performance on the machine (which is a P5-200 with 48MB of RAM and a 1GB hard drive) has improved and can handle several more EMACS sessions (I like `ee' for it's ease of use) than before.
Of what I've heard, USB support is much better now, which would help improve desktop support. Unfortunately, FreeBSD is not quite as desktop-ready as Linux when it comes to drivers, some appliations and possibly ease of use, but all of those things should be caught up in no time.
I haven't used the multimedia stuff on FreeBSD since most of my work on it is setting up mail, DNS and FTP servers.
Re:XFree86 4.0? (Score:2)
I think 4.0 came just too late to be incorporated with the release. A port should be available from the Ports collection fairly soon (if not already).
Re:Installer/Initial configuration. (Score:2)
My last linux installs were debian 2.0 hamm and redhat 5.something
Yes, FreeBSD's installer is considered the most userfriendly. I find an install easier, and more powerful (Do a "Standard" install, the power of Custom is there, except it makes it harder for you to shoot yourself in the foot) than either of these two Linux distributions.
Yes, you can set up XFree86 during installation. With either Windowmaker, fvwm, KDE, or Enlightment (maybe another choice?)
Yes, a FreeBSD install should be very easy to install and use. /stand/sysinstall will hold your hand while you get used to the system. /usr/ports will make software installation easy. You don't outgrow ports (But you'll outgrow sysinstall for post-installation administration)
Re:Nifty! (Score:2)
I use FreeBSD on all of my workstations. I don't know why one would see Linux as more fit- I'm running linux-netscape, wordperfect8, staroffice, etc. As for hardware, multimedia or otherwise, Linux and FreeBSD are about equal. FreeBSD has the edge on things like USB and NICs. FreeBSD supports TV cards and all of those other toys too.. Go read LINT for a good idea on the hardware supported in kernel :) (http://bugg.strangled.net/LINT)
Re:Why use FreeBSD when you have Linux? (Score:2)
This is why companies like Hotmail, Yahoo!, Google, and the world's largest anonymous ftp server (ftp.cdrom.com, a.k.a., ftp.freesoftware.com) use it. Note that slashdot uses FreeBSD for certain functions, and the staff have spoken highly of it.
Because of the BSD license, it's easier for companies to take it and make embedded systems out of it. This is why companies like IBM/Whistle use it in the InterJet and InterJet II, not to mention the GNATbox, the NetWolves FoxBox, the Stallion ePipe, etc....
So, since you get your mail at hotmail.com, you can thank FreeBSD for being so stable and scalable!
--
Brad Knowles
Re:OpenBSD, come in from the cold. (Score:2)
I anticipate that there will be increased overlap between FreeBSD and the other members of the BSD family, as the folks at BSD, Inc. go out of their way to work closely with developers in each of the other camps -- to the benefit of everyone involved.
Whether Theo will ever come in out of the cold is another question entirely, however.
--
Brad Knowles
Is the Linux emulation good enough to... (Score:2)
Re:This isn't Freshmeat... so what? (Score:2)
Also: I am excited to see that FreeBSD4 is out. This is a great step for the FreeBSD crowd, although I will admit I don't use FreeBSD(yet.. I'm building a Linux box though. I just got the case and modem today :-)
Installer/Initial configuration. (Score:2)
I have installed Red Hat V4 and up and found them very easy, Slack the same, and Suse could be installed by a one armed, blind, Yak herder with the IQ of your average houseplant. Those installers were all not only easy, but detected most of my hardware on installation except Suse, which didn't use my sound card until I re-built the kernel, NBD.
How is BSD for that? I would like to have a go at it some time, but unfortunately my time for tinkering with new OS's is fairly limited so I prefer the installation to be as painless as I can manage.
Re:OpenBSD, come in from the cold. (Score:2)
...and why should he? He set out to write the world's most secure operating system and he succeeded. I'm hate to see a codebase fork as much as the next guy, but we've got a great product here... OpenBSD doesn't try to be all things to all people and that's exactly what we needed.
Free BSD is okay (Score:2)
In my home I have two Free BSD boxes, one is basically a web server and the other does mail and ftp.. Free BSD has proven a good solution for my needs and i wouldn't give Free BSD up. GNU/Linux still fulfills my needs for a Great Workstation and dialup ppp server, all in all Linux and Free BSD are nice packages.
Re:Why use FreeBSD or Linux when you have Windows? (Score:2)
Why use FreeBSD or Linux when you have Windows? (Score:2)
Windows 2000 Professional is the operating system for desktops and notebooks for all sizes of business. Windows 2000 Server is an entry-level solution for running more reliable and manageable file, print, intranet, communications and infrastructure services. Windows 2000 Advanced Server includes additional functionality to enhance availability and scalability of e-commerce and line-of-business applications.
Well publicized! (Score:2)
But perhaps I ask too much. Maybe they will bring themselves to mention this sometime soon. Or maybe OSS will continue to be synonymous with Linux as if Linus invented Open Source. Not that I dislike Linux or Linus, but it irks me that it hogs the spotlight so. BSD is STILL more mature in many(most?) ways, and, as this pays testement, is still improving.
*sigh* - At least there will always be Slashdot.
-N
Re:Shipping crypto out of the US... (Score:3)
OpenBSD and its dev's played a big role in OpenSSH.
OpenBSD places alot of importance on security and doing it right. Read all about it and get facts.
http://www.OpenBSD.org [openbsd.org]
http://www.openssh.com [openssh.com]
Re:Okay, I'll bite. (Score:3)
-----------
"You can't shake the Devil's hand and say you're only kidding."
A solid, feature rich, BSD flavor UNIX (Score:4)
OpenBSD, come in from the cold. (Score:4)
So, maybe we can add to some of that "BSDi are integrating their code" good feeling by starting to patch things up with Theo and the OpenBSD crowd. Note that it's important to not underestimate the quality of work that has gone into OpenBSD - you're not going to buffer overrun that bastard, believe you me.
And please, no FreeBSD RULEZ! OpenBSD SUX! crap (or vice versa). It just seems like a great opportunity to make three great server OS's (BSDi, FreeBSD, OpenBSD) into one absurdly great server OS.
Dave
Shipping crypto out of the US... (Score:4)
This is handled automatically during the normal install procedure, so the right crypto stuff is grabbed from the right archive site, and it all just plain works.
Way cool, and a leg up on even OpenBSD as far as this is concerned!
--
Brad Knowles