Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×
BSD Operating Systems

OpenBSD 2.9 Released 110

Well, the mirrors have had overnight to update, so I suppose we can announce that OpenBSD 2.9 is available. The release notes and changelog contain details of what has changed and improved. For our newer readers, OpenBSD is a BSD flavor that concentrates on security - they aim to be the most secure server operating system.
This discussion has been archived. No new comments can be posted.

HOLD UNTIL WEB ANNOUNCEMENT OpenBSD 2.9 Released

Comments Filter:
  • by Anonymous Coward
    It contains IPF. The 2.9 CD was finalised before it was removed.
  • It's good to see them paying so much attention to security, but I'm a little confused about something. With all those buffer overflows they fixed in 2.9, how can they claim not to have any holes in the default release? Does this mean no holes with exploits? Perhaps someone who knows can help me out here (and please no "Theo is an idiot" responses).

    Again, it's good to see someone paying so much attention to security in their OS.

  • by Anonymous Coward
    People like you who take without giving should never use free software. If you can't contribute any substantial code to OpenBSD, the least you can do is pay $30 for the CD, so that the brilliant developers working on the project (and they are brilliant) can continue producing the most secure OS available.

    You're a leech, as are 99.99999999% of all free software users.
  • by Anonymous Coward
    _Exactly_. That is why I am very anti the BSD licence - it is no different than programming for Microsoft, and without pay!!
  • Exactly, "done corectly".

    OpenBSD is all about being done corectly, and from that, comes it's security. SMP is extremely hard to do completely corectly, they have only so much man power, so they haven't bothered.
  • >The mailling lists are key, but they are much less friendly.


    I find this hard to blieve, given the charismatic leader of the project . . .


    hawk

  • character assasination???


    Are you suggesting that Theo *is* charismatic? I thought it was pretty clear that I wasn't referring to specifics, but the notion that he and anyone might not get along . . .


    hawk

  • by hawk ( 1151 ) <hawk@eyry.org> on Friday June 01, 2001 @07:45AM (#184333) Journal
    >When i was a kid, we didn?t have cd's to load our
    >os's from. we had to toggle the instructions in >by hand on the front of the system t give the >thing enough smarts to talk to the paper tape >drive which


    for crying out loud, if you're going to try to make these kind of comments, at the very least don't use those moronic microsoft characters . . .


    besides, you're still claiming to be a newbie. Toggle switches indeed. And *paper* punched tape? An unreliable replacement for stone tablets.


    hawk

  • Most GNU/Linux programs will Compile on BSD/Tru64/AIX/HP-UX/QNX/BeOS or anything that has a POSIX layer

    Now I know you're only 13, but man are you naive. Most trivial programs will compile without too many problems, and some non-trivial programs as well. However, unless they're written with portability in mind (and the vast majority of programs aren't), porting can involve a considerable amount of work. Many of the problems come from non-POSIX/SUS interfaces that have the same name, but different arguments (or worse, the same arguments but different semantics) between OSes. getmntent() is a good example. Other problems come from the use of system specific interfaces, such as doors on Solaris.

  • this is the easy part. go download the floppy image in the approparite arch, dd it to a floppy, boot, and do a netinstall. you can't directly download the iso's of openbsd as they are copyright theo, so if you want a cd, you have to buy it. but if you're not a dialup (which you probably arent if you want to download isos), just do the netinstall.
  • It would be nice, though, if Journaling Versus Soft Updates: Asynchronous Meta-data Protection in File Systems were made available to everyone, not just Usenix members.

    Sorry, forgot it is less then a year old. Try the 1999 paper Soft Updates: A Technique for Eliminating Most Synchronous Writes in the Fast Filesystem [usenix.org], I think you can get that one.

    I don't really think the Usenix membership is worth $50/year to get the lame newsletter, access to the proceedings is pretty valuable, and their conferences are quite good. In addition to learning about soft updates the 1999 conference taught me a lot about how select sucks, how to make it suck less, and that not all of CA is a warm paradise.

  • by stripes ( 3681 ) on Friday June 01, 2001 @09:05AM (#184337) Homepage Journal
    The previous FFS was ass slow because it basically didn't cache writing to the disk (we're talking non-smartdrive DOS FAT16 speed here).

    Sure they did. They write-back cached data writes to disk. They write-through cached metadata disk writes (and blocked other writes until metadata writes completed). That would leave your filesystem in a mostly consistent state, and not suck too hard in the event of a power failure. The other choices are ignore the possibility of filesystem damage from power failures (or panics), I think Linux's EXT2 did that, or maybe just did it by default, or to log metadata changes (XFS does that, and I heard EXT3 does too, but I'm not sure).

    Softupdates carefully orders disk writes, and can if needed reconstruct the proper intermediate state for a metadata block. It has the performance of a totally async filesystem (i.e. somewhat higher then a logging system), but the stability of a logging system (i.e. better then the previous sync filesystem). It is also the major foundation for filesystem checkpoints and in-the-background fscks (possibly coming in FreeBSD 5.0).

    The other change they made (dirperf) had to do with directory block placement, I think the old algo attempted to put them close to the datafiles, and with larger caches this is no longer a win, and has become a loss. I haven't read any papers on it or anything, so I don't know a whole lot about it.

    Don't get me wrong, I've been using OpenBSD for my firewall for 2 years now and it's great. It just seems like this took a long, long time to get into a release.

    OpenBSD is secure in part because they are conservative in adopting new features. Two years ago softupdates was pretty new, and leaving it out let FreeBSD, BSD/OS, Solaris, and NetBSD experience the teething pain (as a BSD/OS beta user at the time softupdates was rolled in, I felt some of the pain, but it wasn't too bad, never had any data loss from it, unlike soft-read-only which I think was killed).

  • by stripes ( 3681 ) on Friday June 01, 2001 @09:11AM (#184338) Homepage Journal
    Could they be a little more specific ? How was it analyized ?

    I doubt that number was. For some real benchmarks you can look at Journaling Versus Soft Updates: Asynchronous Meta-data Protection in File Systems [usenix.org] from the 2000 Usenix Procedings [usenix.org]. In addition to having useful info in and of itself it has references to other information. You can also try McKusic's home pages [mckusick.com] he may have newer info that, and does have some info about the experimental checkpointing.

    I don't know about dirperf though. Never seen a paper on it.

  • Yes. There is a lot of unlearning Linux habits for OpenBSD habits. For what it is worth switching between distros can be similar. For me it was getting my head around the disk partitioning and that silly 'c' slice/partition. ('c' partion is supposed to be the entire disk.)
  • OpenBSD doesn't have SMP because of the huge security risks.

    Could you explain this? How can using multiple processors create security risks, if it's done correctly? The only answer that I can think of is race conditions, but I don't see that being a problem if the SMP support is carefully programmed. This statement especially seems like a troll when the page you link to says that the OpenBSD project is implementing SMP....


  • by rho ( 6063 ) on Friday June 01, 2001 @06:35AM (#184341) Homepage Journal

    I though Theo dumped ipf [slashdot.org], but from the release notes:

    • ipf 3.4.16 (+ patches)

    So, is all forgiven, or what?

  • Heh, I used to use BSD back in the 4.2 days, and SunOS more recently, but I always found Linux...non-intuitive. Then I installed NetBSD and it was like going home again. Much more comfortable (for me) than when I switched from Red Hat to Debian.
  • Well FreeBSD often outperforms linux...
    Here are some server tests from a Byte article:
    There are several articles on Byte.com

    http://www.eoenabled.com/byte-itdev/default.asp?i= Linux+vs+FreeBSD&tid=1&n=33686541

    look for the one entitled: Byte > Column > Linux 2.4 vs FreeBSD 4.1.1 > For Servers: Linux 2.4 vs. FreeBSD 4.1.1 > January 30, 2001

    Its results may surprise little daemons and penguins alike.
  • Look up the word "proactive" in the dictionary.

    It's not in the vocabulary of 99% of OS developers , and is what makes OpenBSD superior.
  • And, nothing prevents anyone from downloading IPF and compiling it on OpenBSD in the future - it just won't be on the CD anywhere.
  • That was a joke, please adjust your satire detection threshold...
  • Kernel compilaton IS necessary for a server. If you put real iron on the box, or little iron, you'll need a custom kernel. The settings for OpenBSD are reasonable and will run all but the weakest machine. However, getting it to take advantage of more memory, etc., may require some tweaks.

    Im a linux guy myself, with solaris admin experience as well.. I agree with everything you say, but I take exception to that paragraph.

    The goal for real world server is uptime, reliability, and configurability. And those all mean useing standards. Even if you could tweek a bit of performance out of a box, your probabaly better off leaving it alone.

    Thats not to say that recompiling a kernel isnt necessary. And there are a lot of options (in the linux kernel at least). But if your sugesting that you should go into the source for tweeks, then your just opening yourself up for problems.

  • You could download all the code and make your own ISO's, which you could post on the internet. But that would undermine the project's support.

    It's already being done. Does OpenBSD feel undermined?

    In any event, Linux manages to thrive despite it. RedHat manages to make money despite it. Perhaps it's time for Theo to quit saying "it would kill the project" in light of the body of evidence that it'd do the exact opposite.

    ftp://ftp.zedz.net/pub/varia/OpenBSD.iso/
    -
  • "OpenBSD is great for a firewall/Nat machine, or high security nfs/web/mail server, but it ain't no workstation for the rest of us."

    I've been using OpenBSD on my desktop exclusively since the mid-2.7 cycle after having it on other machines since 2.3.

    It's secure, robust, and stable. My 104 day uptime on my main machine with ~25 users capable of using X and VNC through an SSH tunnel will be gone today for the 2.9 update. Quite stable indeed.

    It's Linux compatibility works very well, it's ports collection is growing fast (if a port doesn't exist yet, try a freebsd port, it will likely work)

    I sleep very well knowing that if I missed something, Theo and the boys have very likely covered my backside.

    grub
  • I find this hard to blieve, given the charismatic leader of the project . . .

    Character assassination is silly. Just because someone tells you to RTFM when you ask "why does backspace print ^H?" doesn't make it any less friendly. Conversly, it helps you become less dependent on others and helps keep the lists S/N ratio quite managable.

    grub

  • I find this hard to blieve, given the charismatic leader of the project . . .

    Character assassination is silly. Just because someone tells you to RTFM when you ask "why does backspace print ^H?" doesn't make it any less friendly. Conversly, it helps you become less dependent on others and helps keep the lists S/N ratio quite managable.

    grub

  • "obviously you haven't read much of Theo's postings..."

    Yes I have, but I can be as big an asshole and think it's great that he calls a spade a spade.

    grub

  • Granted I'm a linux user, but I have been interested in using BSD as a secure webserver for work. What should one look out for with this new release? is there any pitfalls or caveats that I should keep an eye on?

  • Achem... That weird "disklabel" method is actually the standard UNIX way to do partitions. The idea is that "a = /", "b = swap", "c = whole disk", and the rest of the letters to "/usr", "/var", etc.

    The other *BSDs do it that way, Solaris does it, I think IRIX does it, AIX doesn't though (but then again, AIX uses it's fancy volume manager by default).
  • Oops! Slashdot seems to have eaten my <Wild speculation> tags.


    Caution: Now approaching the (technological) singularity.
  • by HiThere ( 15173 ) <charleshixsn@earthlink. n e t> on Friday June 01, 2001 @07:48AM (#184356)

    I think that fully utilizing multi-processing might, indeed, pose debugging problems that haven't been addressed sufficiently for the OS kernel to use them. There are, however, alternatives.

    E.g.: Run the OS on one CPU, and have it task user (non-superuser) jobs to whatever processor is less busy. Keep all jobs decending from one particular process on the same CPU (e.g., forking would not be allowed to spill-over from one CPU to the next). A few similar restrictions.

    Now it is true that this would prevent the full capabilities of a multi-CPU processor from being used (on any one login stream). On the other hand, it would drastically simplify analysis. Most of the problems have already been thoroughly addressed. Etc. (If I said any more, I'd start showing how thoroughly ignorant I am, buy my guess is that the real reason for missing multi-pu support is that fixing the multi-processor issues requires a lot more time and effort than is available.)


    Caution: Now approaching the (technological) singularity.
  • I use OpenBSD as firewall on one PC and as desktop on another since 1 year and like it! Already the man pages alone make it worth. Here's a screenshot from my wide-screen 21" Sony FW900 [t-online.de]


  • how many high-traffic web servers run OpenBSD? How do they overcome the lack of SMTP botteneck? Or do the majority of high-traffic web sites use an SMTP-capable version of BSD?

    SMTP = Simple Mail Transport/Transfer Protocol. SMP = Symmetric Multi-Processor. And a " lack of STMP [sic] bottleneck" would be a good thing! No need to overcome it..
  • How is that any different from using the GPL and programming for Redhat without pay?

    I don't like Microsoft. I don't like Windows. But if OpenBSD being under the BSD license keeps some Windows users from being cracked, then that alone is worth all of the FUD and SHIT from the "freedom==restriction" GNUzis.
  • With the BSD-license you don't have to distributed the source, so companies can take the source easier.

    Absolutely wonderful! That's the whole beauty of unrestricted licenses like the BSD and MIT.

    You see, information has a special nature. It wants to be free. It can be infinitely copied. It costs nothing to reproduce. IT CANNOT BE STOLEN!

    Let the companies take the source! Nothing they can do it can possibly harm it. Fold, spindle, mutilate and relicense your copy. Let them charge $1200 a copy, and have 20 page EULAs. My copy is right here! Unchanged! Still Free! Ha ha!
  • No ISO is available. You don't need it.

    Just download and burn the relevant bits, i.e. the install CD comes with SPARC binaries and a boatload of precompiled packages that you won't need.

    Or just download the boot floppies and do an FTP install.

    Take a look at INSTALL.i386 for detailed install instructions.

    If that's too much bother then you might want to reconsider installing OpenBSD at all... It's not newbie friendly, the developers have other priorities.
  • by Clover_Kicker ( 20761 ) <clover_kicker@yahoo.com> on Friday June 01, 2001 @07:54AM (#184362)
    >Web support sucks. The FAQ, etc. provides some
    >help, not much. Even USENET isn't THAT helpful.
    >You need need to get used to reading man pages...
    >a LOT.

    That's intentional. The idea is that all OpenBSD documentation should be available from the man pages instead of scattered over man pages, info pages, FAQs, and HOWTOs.

    Opinions vary, to me that's a "feature", but I freely concede that some consider it a "bug".
  • One correction to your otherwise excellent post: there is a LOT of commercial support, more than I expected. Check out the page [openbsd.org] at OpenBSD dedicated to listing the support by country
  • "Open" security versus "security by obscurity".
  • by IcePic ( 23761 ) on Friday June 01, 2001 @06:38AM (#184366) Homepage
    The release contains what was "-current" as of
    a few weeks ago. The CD burning factory needs more
    than a couple of seconds to burn all those CDs.

    At that time, the ipf thing hadn't started.
    The release is the same as the CD contents.
    Therefore, 2.9 has ipf.
  • by lil_billy ( 25771 ) on Friday June 01, 2001 @06:41AM (#184367)
    Per the article, I heartily recommend that you read:
    http://www.openbsd.org/29.html

    ...and also http://www.openbsd.org/

    2.9 incorporates filesystem improvements that net a 60x performance increase.

    Additionally, the new version of ipf that it contains fixes serious security holes with fragmented packets.

    HTH.
  • Er, no.

    Firstly, you really think that BSD source could just be dropped into Windows with its totally different internal architecture?

    Secondly, free coding for Microsoft implies that you wouldn't be getting anything more than satisfaction out of it. Even if somone does use your source, though, the community still has it! A major argument against limiting software distribution seems to be that it's creating artificial scarcity - well, you'd only lose that code if there was real scarcity. There isn't.

    Thirdly, I don't care. If I help a fellow programmer then I'm pleased. Heck, I spent _ages_ trawling code archives earlier today to find some odd function and it's the same principle here. I want to help others... If I help improve the experience of normal users through my code, same again.

    BSD code is good.
  • they aim to be the most secure server operating system

    ...but don't succeed for the same reasons everybody else doesn't succeed -- people use their distribution. Admins put their own software on it, and don't keep the bundled software up to date (because of downtime concerns, or laziness, or lack of knowledge). Admins let users touch the machines. All of these things that make a machine useful totally undermine the security. I'm not saying that it isn't useful to start with an OS that has had a decent security audit, just that unless you can audit what the admins install and the users do it doesn't matter if you're running OpenBSD or Linux or AIX, etc.

    The OpenBSD project has brought a number of useful things into the world, though. Even Red Hat uses OpenSSH now, and if you don't use OpenBSD anywhere, you probably are using code they've audited or written. Thanks guys!

  • You think it's cool to insult people unnecessarilly?

    It's one thing to make it clear to someone that they are wasting your time and should do their own research. It's another thing to insult them in the process.
  • If you really think that people should be forced (whether legally or socially) to compensate developers for copies of their code, you should not be advocating Free Software. The idea behind Free software is that by copying something, you don't take anything away from the person from whom you copy, thus there is nothing wrong with being a "leech". If you disagree, then don't pretend to support the ideals of "Free Software". If developers expect to receive monetary compensation on anything other than a voluntary basis, they should not be developing Free Software.
  • Ok, this is completely insane. I post a message with good, strong, valid technical information and it gets moded down as flame bait?!? No wonder /. is such a joke WRT having worthwhile information content. I would challange anyone to do research into system performance and find anything that would prove that my original post was in any way flame bait.

    ---
  • There is a general aura of pissiness from the community. You're expected to thoroughly research every problem before asking for their help. Like I said, the documentation is your best friend, not fellow OpenBSDers. This certainly encouraged me to be very self-sufficient, but I spent many an hour scouring documentation looking for help with undocumented problems.

    You don't want to be asking AOL questions on the tech mailing list, thats for sure. On the other hand, if you can hire an OpenBSD contributor for a little consulting to help you get oriented, you'll do well. More useful advice for companies than home users, I guess.

  • When i was a kid, I had to walk

    I had to walk uphill, both ways, in waist deep snow.

  • Actually...

    I moved from NT to OpenBSD about a year and a half back. (Kind of a radical switch, eh? :) I had previous experience as a sysadmin, which helped a lot, but relatively little working with UNIXes. I found it surprisingly logical and easy to get used to, believe it or not. So I wonder whether the trickiness of moving from Linux to Open is as much to do with unlearning Linux habits as Open's relative starkness.

    Cheers,

    Mat.
  • If it's so secure, then why is it called OpenBSD?

    SCNR ;-)
  • by wbb4 ( 60942 ) on Friday June 01, 2001 @06:41AM (#184377)
    To clarify some people's missinformation...

    IPF was removed from 2.9-CURRENT. This DOES NOT effect 2.9-RELEASE, from which CDs were mastered a month ago.

  • Last I heard MP is in their plans, not SMP. Perfect for running crypto &c on the second processor, and far fewer races to worry about.
  • He just meant that you need to compile with higher limits and defaults set (like # of expected users). Though I think you can tweak most of the limits at runtime if you want.
  • from www.openbsd.org's main page: "Four years without a remote hole in the default install!"

    OpenBSD installs with a minimum of services running, syslog, sendmail running only to listen locally and send remotely, and a couple of other services required for running (init, etc). Even a full install of the entire system including xwindows, the same limited number of services start.

    Compare this with a few other vendors, full install leaves your system running with apache, fully functional sendmail listening everywhere, ftpd, nntpd, xfs, xdm, etc.

    Most likely, the fixed buffer overflows are in programs that are not running after a default install. They make no guarantees about what happens once the user gets in and starts mucking around with stuff.
  • FWIW, FreeBSD is trialling binary update packages for security holes starting with 4.3-RELEASE. If things go well, perhaps OpenBSD will adopt a similar system.
  • In FreeBSD-CURRENT, background fscks are now a reality (with softupdates). That means that there's really no fsck on boot, but rather a background process that maintains consistency using idle cycles. And if it gets interrupted, that doesn't matter either, because it'll just pick up where it left off as its changes are bound by softupdates as well. Isn't that neat?
  • ftp://ftp.fsn.hu/pub/CDROM-Images/openbsd
  • I think a nice solution for the original poster would be to try FreeBSD -- it's relatively close security-wise, and has good docs, ports, and a very ordered development process. Plus, it just makes me feel good. Try it. ;)

  • Let me clairfy. The link I provided was for the people who are trying to do it correctly. I am most definitly not trying to troll, I am a proud user of OpenBSD.

    The core team also doesn't have many SMP machines to do the testing on. But there are some people who are working on it. I don't have a link, but I remember Theo, or one of the core members, mentioning several things that would have to be done to enable SMP properly. I am not a programmer, so I don't have all of the details, but you could contact the SMP team, and inquire them for status, and for any assistance you can offer.

  • You haven't ever compiled an OpenBSD kernel, have you? To get tweaks, you need to change some settings. Some of these are in the options file you edit, some are not. The ones that are not require you to learn about them from obscure postings to mailling lists or in random performance tuning sites for various packages.

    Compiling an OpenBSD kernel isn't fun, but is necessary. For example, OpenBSD only uses 5% of memory for cacheing the drive. Now if you have obscene amounts of RAM, this is adequate. If you have little RAM, this is important so you have memory for your applications.

    IF you have a moderate amount, say 256MB or 512MB, you probably want to have more space for disk caching, so you need to recompile your kernel.

    More specific issues requrie more tuning.

    Alex
  • I hammered off a quick slashdot post on a threat discussing the kernel and other stuff.

    However, don't be an asshole.

    I didn't mean what it sounded like.

    The buffer cache is set too low. I realize that the page cache grows, but the buffer cache at a higher level does a tremendous affect on performance. I don't know why exactly, but I know that each server has a sweetspot, and you want to get a decent chunk of your RAM reserved for this process.

    The default is too low for a machine with moderate memory amounts. The O'Reilly book covered this.

    Personal attacks whenever you catch someone in a brain fart isn't really polite, is it?

    Alex
  • by alexhmit01 ( 104757 ) on Friday June 01, 2001 @06:54AM (#184388)
    I switched from Linux to OpenBSD... not considering going back. However, really think carefully about the change, it is non-trivial.

    There are no binary patches. If there is a security whole, you can patch the source tree and rebuild. Alternatively you can shut down the services. There are patches to OpenBSD, and applying them requires more knowledge.

    Web support sucks. The FAQ, etc. provides some help, not much. Even USENET isn't THAT helpful. You need need to get used to reading man pages... a LOT.

    Init: rc style. I think that that the rc system is infinitely more manageable and sane in a BSD environment than a SysV environment, but YMMV.

    Community support. The mailling lists are key, but they are much less friendly. Advocacy isn't a priority. If there is a question answered somewhere in the documentation, you'll get told RTFM. If the docs aren't what you are looking for and need a different level of help (more/less tech than the man pages) you may or may not get it.

    Apache and mod_ssl are built in. The ports collection is solid. It may not be huge, but I've found just about everything I want there. Keeping ports up with the snapshots is a nice way to get up to date userland code.

    Kernel compilaton IS necessary for a server. If you put real iron on the box, or little iron, you'll need a custom kernel. The settings for OpenBSD are reasonable and will run all but the weakest machine. However, getting it to take advantage of more memory, etc., may require some tweaks.

    I love OpenBSD, but it is NOT Linux. There is no community bent on global domination. Lots of "Open Source" projects are Linux specific... fortunately its just the crappy ones. However, you'll find annoying issues like cronolog not compiling, no PHP Cache, etc. There is no commercial support.

    Unlike a Redhat, OpenBSD is not corporate, it's Theo's toy. As a result, they do what they want, not an attempt to appease customers. With a Redhat box, while some of your code is "scratching an itch," corporate coders can code what is needed.

    Realize that the Linux comforts will be lacking.

    If you are a sysadmin, check out OpenBSD. If you have a Linux box at home for playing with and think that you are l33t, stay away from OpenBSD with a 10' pole.

    Alex
  • How can he do this? Isn't OpenBSD under the BSD license? I thought that meant I could do what ever the heck I wanted with it. How can he stop it?
    Molog

    So Linus, what are we doing tonight?

  • so basicaly openBSD is breaking ipf's guy copyright ? because ipf guy never allowed modifications/redistributions and the way copyright works is that any right not explicitly granted is implicitibly reserved. thus because he is not giving permission for modifications it means that you can not modify it.
  • Hey, I see the BSD Daemon right alongside the Linux Penguin! ok, next release a story on either Unix, Apple, Amiga, or MS...

  • These Buffer Overflows were local holes (i.e. you had to have to have a foothold on the box to take advantage of it).

    For the past four years, OpenBSD has had no remote holes in the default install.

  • It's ironical. Like rain on a rainy day. Like a free Unix for which one pays. It's the good advice that Windows just didn't take. Who'd 've thought it figured.
  • by matroid ( 120029 ) on Friday June 01, 2001 @07:35AM (#184394) Homepage

    What Alex says is right on the nose (i.e. mod that comment up!). I too switched from Linux to OpenBSD at home almost 3 years ago, and have been using it for various projects at work for the past 2 years. This is what I've discovered:

    • Major security problems are few and far between (and usually not in the default install). I sleep a lot easier at night knowing that there's little chance my machines will be cracked.

    • Documentation is your best friend. Almost everything you need to know is in the FAQ or the man pages.

    • There is a general aura of pissiness from the community. You're expected to thoroughly research every problem before asking for their help. Like I said, the documentation is your best friend, not fellow OpenBSDers. This certainly encouraged me to be very self-sufficient, but I spent many an hour scouring documentation looking for help with undocumented problems.

    • The ports collection has gotten some 40,000% better since I first started using OpenBSD. Still, it's up to YOU to keep the ports current and patched.

    • Theo's attitude wears on me. Granted I usually agree with his decisions for the OS, I still feel that he's a powderkeg ready to blow, and I'll be left with an OS that I no longer love. As the above comment mentioned, Theo regards OpenBSD as his toy. His loyalties lie with himself, not with his userbase. That is, I'd classify him as a dictator, but I'm not sure he's so benevolent...

    In conclusion, I'd say trying OpenBSD is something every geek should do. But, admittedly, my loyalty to the OS (Theo) is waning, and I'm beginning to think FreeBSD might be a better choice.

    Whatever the case, I'm sure Theo doesn't give a good god-damn...

    Happy hacking,
    The 'roid

  • 2.9 incorporates filesystem improvements that net a 60x performance increase.

    Could they be a little more specific ? How was it analyized ?

  • Its true that OBSD Doesn't have SMP, but FreeBSD Does. Now i have never had a chance to play around with FreeBSD SMP, but I have heard Good Things. Not much help, but i figured the answer to "do any of the BSD's Especially freeBSD have SMP" being answered with a "no OpenBSD doesn't have SMP" Was Way misleading, and shouldn't have been modded so high, so i threw in my 2 cents.
  • You're thinking of the community-developed drivers that come with XFree86 4.x. However, those drivers don't have some of the features of nVidia's commercial drivers, and do NOT have OpenGL accelleration. The commercial nVidia drivers, while evil, are the best performing video drivers for Linux today. And since part of those drivers is a Linux kernel module, they won't work on anything other then x86 Linux.

    Of course, if you _are_ using x86 Linux, the drivers rock. It's disappointing that they're closed source, but _for_now_, nVidia is doing a very good job keeping them up to date (they used to be terrible at this, and could conceivably become terribly about it in the future, which is why I hope ATI or Matrox does something worthy).


    Sotto la panca, la capra crepa
  • Web support sucks. The FAQ, etc. provides some help, not much. Even USENET isn't THAT helpful. You need need to get used to reading man pages... a LOT.

    Sounds like an advantage to me if all the information is in the right place on the system rather than scattered all over the world. probably means it's up to date too.
    _O_


  • I think it makes a dam good workstation... personally.

    Just dig around in the ports (and packages) and slap things like enlightenment and eterm on there and it makes a dam sexy workstation and just flies with that time of setup... (or window maker or kde... what ever tickles your boat)

    For desktop though it may be kinda of lacking, you can get Netscape and some other Linux binaries working... but you won't be playing things like Diablo 2, IE or consumer level win32 or mac binaries... (probably your best bet there is either a win32 or mac machine and run native)..

    That is J(ust)MHO though.


  • yiippeee. Good job Theo! You THE man!. And a day before I turn 21. This is one excellent weekend. Want to see OpenBSD in action?
    http://www.lemure.net. Of course its probably going to be down after i get back from work... mmm softupdates.
  • It's got softupdates, like the other guy mentioned.
    Lots more hardware support.
    Tighter code from bug fixes of previous releases(as always)
    Look out for:
    There is a sendmail bug that is in -RELEASE. its a theoretical hole, and for all the Linux trolls out there, its not enabled when you first install (v. intelligent). But, if your serious, its a good idea to patch it immediately like a good OpenBSD user :-).
  • Where are the binary package updates for 2.9, come on!
    Want them, make them. Hell, you could sell them. This is BSD land, things are a little tuffer, but no one ever said they were going to hold your hand.
  • It looks like the trolls are out in full force this morning. Any any rate, I have for y'all a very legit question... how do the *bsd's (especially FreeBSD) stack up to Linux and other x86 OS'es in terms of performance on 1 and 2 CPU machines? I did the usual search with Google, DejaGoogle, and Altavista and only came up with a few biased "application x: FreeBSD vs Linux" bakeoffs. Does anyone have any comments or URLs that could be of use in my quest to compare FreeBSD to Linux. Please forgive me and this trollish / flameish post... I come from a NeXT/Sun/SGI background and have at best only dabbled with x86.
  • Yup, my short experience with OBSD led to my
    conclusion, that I was WAY out of my league.

    OpenBSD will teach you everything you never
    wanted to know about Unix.

    OpenBSD is great for a firewall/Nat machine, or
    high security nfs/web/mail server, but it ain't
    no workstation for the rest of us.
  • It would be nice, though, if Journaling Versus Soft Updates: Asynchronous Meta-data Protection in File Systems were made available to everyone, not just Usenix members. There is a fucking login to read it.
  • Except that darren's version doesn't have those
    "OpenBSD special" patches any longer (except
    those committed into ofcourse).
    This _might_ even prevent compiling!


    --
  • Yes, fully right, but...
    Theo explicitly forbids distribution of the
    _original_
    CD-ISO-Images. He may do this because they are
    copyrighted (by him).
    You also can buy unofficial images for $5 or so
    (as e.g. you can with debian, too).
    But I decided to spend that money cuz I want to help that project.


    --
  • "many good x implementations exist for os x. the fact that they dont come from apple shouldnt be a problem for *nix users with their "roll your own" mentality. aqua is better for the consumer crowd"

    That X-win system by Tenon is nothing more than xFree with their own imaging system to make it work inside of OS X rather than beside(which of course they think is worth $200), and X-on-X (with a few patches) combined with XFree gives the same effect for less money. So whats the problem you ask? It's not functionaly transparent, just like classic wasn't transparent in the Public Beta (Apple has made a lot of progress with Classic from DP3 to the final version).

    What I want is a downloadable package installer that that adds X-win capability to Aqua (well within reasonable limitations, I dont need to export my IE window) that works at least as transparently as Classic does and includes an optional installer package for the X-win headers for compiling packages with Apples port of gcc that comes with OS X.

    Or better yet, provide a tool kit that helps covert X-Win GUI calls to Aqua GUI calls and lets us compile them natively.

  • by Auckerman ( 223266 ) on Friday June 01, 2001 @07:29AM (#184409)
    "Arguing over which UNIX is better is pointless because until you get to the source level they look, feel and behave about the same"

    This is just not true and shows how very little you know about Operating Systems strengths and weaknesses. Like Slashdot noted, OpenBSD is designed for security. They actively seek and destroy anything that could be used to compromise the system and the OpenBSD group has been very sucessful with this. That's a strength. Linux runs Q3A and UT, and thousands of scientific applications, those are strengths. IRIX has a superb OpenGL implementation. MacOS X has one of the best GUI's around. FreeBSD is fast.

    My point, the differences between Unixes are not in the source, but are much more obvious. Each development team has goals. Each goal shows through in the over all design of the OS and makes it so that each Unix does have a reason for existing in a world of generic Unixes.

    Now, on the question of which is better...Well, actually, it depends on your goals.....everyones goals are different. Some people have political agenda's (GPL vs. BSD), some people have specific needs (absolute securty at any price, playing games, or graphics performance), and some people just don't care and get what is easiest for them to use. There is no "best" only what is best for you, cause not a SINGLE unix distrib has an all round strength (though I would argue that if Apple integrated X-Win into Aqua, the combination of default security, Java2, OpenGL, Quicktime, BSD core services, et al would bring it close to being the strongest for all round uses, but hey, thats MY bias)

  • though I would argue that if Apple integrated X-Win into Aqua, the combination of default security, Java2, OpenGL, Quicktime, BSD core services, et al would bring it close to being the strongest for all round uses, but hey, thats MY bias

    many good x implementations exist for os x. the fact that they dont come from apple shouldnt be a problem for *nix users with their "roll your own" mentality. aqua is better for the consumer crowd
  • by segfaultcoredump ( 226031 ) on Friday June 01, 2001 @06:55AM (#184412)
    you kids have it soooo easy now a days....

    when i was a kid, we didn't have cd's to load our os's from. we had to toggle the instructions in by hand on the front of the system t give the thing enough smarts to talk to the paper tape drive which then loaded the code to talk to the tape system.....

    we didn't have no fancy gui's. We had punch cards, and we liked it. Back in the good days, you actually had to know what you were doing in order to program the machine. We didn't have no "high level" languages like C. And we liked it that way, it kept the wimps off of our systems.

    You should be happy that you only have to drive 2 hours to get to a store. When i was a kid, I had to walk.

    kids... you think that you have it soooo hard....
  • So OpenBSD's about security, not necessarily performance... So how many high-traffic web servers run OpenBSD? How do they overcome the lack of SMTP botteneck? Or do the majority of high-traffic web sites use an SMTP-capable version of BSD?
  • Use XFree86 4.03. It has drivers for TNT and GeForce cards. I personally am running a GeForce 2 GTS card at 1024x768x24. Oh, and it absolutly screams! As for Netscape, it is true that it is very unstable. My best suggestion is to grab a mozilla nightly. It's about 1000x more stable than Netscape ever was, plus with the GUI cleanup (post 0.9) it feels alot more like IE. In fact, I'm typing this using Mozilla right now. :-)
  • by ConsumedByTV ( 243497 ) on Friday June 01, 2001 @06:43AM (#184415) Homepage
    Open BSD doesnt even stack up with dual cpu boxes, it doesnt have SMP support.


    The Lottery:
  • For me it was getting my head around the disk partitioning and that silly 'c' slice/partition. ('c' partion is supposed to be the entire disk.)

    Yeah, what exactly is up with that crazy way of doing the partitions? I've tried the install a few times now (OBSD 2.8), and can never get past that part successfully. Even when I tell it to use defaults, I can't get past there. I've done plenty with normal partitions, but all the disklabel and strangish partition letters and such bugger me no end. When I've seen OBSD running on other's machines though, it seems quite nice.
  • I can't believe I'm responding to an A/C, but here goes... Oh man... you really should just keep using your win98 Excuse me... I haven't used win98 by choice for at least a year. I use Linux quite regularly, and have set up more than one server with it for various reasons. The Linux way of doing partitions makes perfect sense... you creat a partition, your format the partition, and you tell Linux what to use that partition as (/, /var, /tmp, whatever). Even if a person couldn't figure it out intuitively, they could read the information on the screen or go read a howto or something, and figure it out quite easily. I have read through the disklabel documentation several times, and it still does not make logical sense. Perhaps I am missing something, but it should not be that difficult to set up partitions for a stinking OS. People say Linux has a long ways to go, but BSD from what I've seen has WAY farthur to go before the masses even begin to look at it as a Windows alternative for most tasks.
  • Well don't you think that if you can find all these overflows in ipchains or iptables, that you would be an ideal developer for the netfilter team? I mean even they can't find these overflows.

    You sound like a genious.
  • Over in the Linux on PS1 forum I posted [slashdot.org] a responce to a BSD guy saying Linux is pointless then I come and see that there is a BSD story and that a flamewar will probably erupt. This forum is the much more appropriete place for it. I'm going to post my post minus the stuff on the PS1. Of course some idiot moderator will mod me down redundent but...

    First of I have nothing against BSD, heck anything I write*, is being released under the BSD licence. The only reason I have RedHat GNU/Linux rather than FreeBSD on my parent's PC is because I live in a small town and the only way to get FreeBSD is to drive two hours away and buy a $110CAN Book and I'm 13 and have no credit card to buy it online.

    Now that the disclaimer is out of the way...
    Until I got my Macintosh I did all my work in KOffice using XFce as my Window Manager. I found it quite easy to use and powerful for the price of $0. I'm sure I could do just the same on FreeBSD or any UNIX. I really don't see why anyone makes a big deal about which UNIX they run. When someone asks me what I run I Anwser "My Mac for working and gaming and UNIX for Programming."

    Arguing over which UNIX is better is pointless because until you get to the source level they look, feel and behave about the same. Most GNU/Linux programs will Compile on BSD/Tru64/AIX/HP-UX/QNX/BeOS or anything that has a POSIX layer, thus making the argument that "My UNIX is better than your UNIX!" worse. I don't see why UNIX people can't get along: vi vs emacs, KDE vs GNOME, GUI vs CLI, BSD vs GNU/Linux...

    The funny thing is the only thing UNIX people will agree on is that UNIX is the best.

    *All I've got written right now is a dice roller in Perl, I AM only 13...


    --Volrath50

  • In short I was generalizing, I guess a little too much for some people...

    I do know that all Unices have there strengths and weaknesses, and I know most of them, I just didn't want to spend 10 more minutes I don't have typing out all the strengths. I figured that the average /.er would already know them. My post was more "Would you please stop fighting over which is best! They are all good!"

    Someone else pointed out that many GNU/Linux apps won't compile on some POSIX systems. I know that. I said most. I should have said "Most POSIX compliant programs designed for GNU/Linux will compile with little or no modification, others with much more modification." Again, I figured most people would know that not all programs will compile.

    Anyways I guess in futre post I'll have to point out every last thing about UNIXs that I know for risk of someone saying that I should have said that. You'd think that people would be able to know that I was just generalizing....


    --Volrath50

  • I'm new to BSD... heck, pretty new to Linux. (Installed Redhat a couple of times, ran it for quite a while, attempted to install Debian, fubar'd it, never tried to reinstall is) I was going to try either BSD or Mandrake next... BSD is especially appealling due to the fact that I'm going to be turning my old computer into my gateway/firewall/ftp/print/whatever server and I'd like it as secure as possible. Mandrake has iso's available for their latest version, does OpenBSD have these as well? I'm getting damn lazy when it comes to downloading a ton of different directories and trying to figure out just how to make a cd out of them. Ratguy

  • Web support sucks. The FAQ, etc. provides some help, not much. Even USENET isn't THAT helpful. You need need to get used to reading man pages... a LOT.


    The difference is, BSD man pages tend to be MUCH better written and more useful[1] than GNU man pages,
    so a lot of the time you can solve problems without having to resort to searching the web.

    Init: rc style. I think that that the rc system is infinitely more manageable and sane in a BSD environment than a SysV environment, but YMMV.


    Agreed. BSD init is just a lot more logical.


    Community support. The mailling lists are key, but they are much less friendly. Advocacy isn't a priority. If there is a question answered somewhere in the documentation, you'll get told RTFM. If the docs aren't what you are looking for and need a different level of help (more/less tech than the man pages) you may or may not get it.


    Going back to my first point, usually the docs WILL help enough, if you use them.
    If it's really something difficult, people will usually help.

    -d00d
    [1] I'm not the only one who's noticed this...
  • by azimir ( 316998 ) on Friday June 01, 2001 @09:22AM (#184426) Homepage
    Yes, Theo can do this.

    Here's how I believe it works.
    The *source* is available for anyone to take, change, and otherwise use with the BSD liscence. You can do whatever the hack you want with it.

    The *ISO* layout that is sold by the OpenBSD group is copyright to Theo - that means that you have to get his permission to distribute it. Now, that doesn't mean that you can't make your own ISO and distribute that, but you can't distribute the *official* release. In this case it would be the 2.9 release. I believe this distinction is made so that anyone who wants to get an ISO needs to buy the official one, or make their own.

    What are the consiquences?
    • The source is still free - and it will stay that way. The recent IPF fiasco and subsequent removal of IPF from the OpenBSD source is evidence of that.
    • You can do a ftp/http install if you like - no problems there: Ftp download site [wiretapped.net]... The floppy29.fs image is the boot floppy that will allow you to have at it. -Make sure you have a look at the OpenBSD.org site for hardware compatability before beginning.-
    • The ISO of official releases is only distributed by the OpenBSD group - generating them some much needed funding and giving them an idea of how many users they've got.
    • The copyright on the ISO makes it illegal (yeah) to distribute that release ISO right off the CD without permission.
    • Anyone is welcome to fork code, make custom ISOs, use the CD as a coaster, etc. It's still open source.
  • by PorcelainLabrador ( 321065 ) on Friday June 01, 2001 @06:47AM (#184428) Homepage
    Microsoft is going to be pouring through the new BSD code, and should be sending out a new Windows update anytime now... =)

  • He's not charging for the code. He puts everything onto a CD and then copyrights the CD layout. Just like a book, the letters and words in it are free to use but the author copyrights their arrangement. You could download all the code and make your own ISO's, which you could post on the internet. But that would undermine the project's support.

    When I did my 2.8 install I did FTP, since the computer didn't have a CDROM, and it was completely free (after you pay the cable bill ;)

It is impossible to enjoy idling thoroughly unless one has plenty of work to do. -- Jerome Klapka Jerome

Working...