Linked by Thom Holwerda on Wed 30th Apr 2008 22:24 UTC
OpenBSD Theo de Raadt has lifted the veil off OpenBSD 4.3. "We are pleased to announce the official release of OpenBSD 4.3. This is our 23nd release on CD-ROM (and 24rd via FTP). We remain proud of OpenBSD's record of more than ten years with only two remote holes in the default install." Boasting as always, but when it's justified, arrogance is a virtue.
Order by: Score:
v Hm
by primelight@live.com on Wed 30th Apr 2008 22:49 UTC
RE: Hm
by sakeniwefu on Thu 1st May 2008 01:24 UTC in reply to "Hm"
sakeniwefu Member since:
2008-02-26

And you are one of them.

OpenBSD is the best UNIX-like OS I have ever tried. The documentation is awesome, you can actually get things working by reading the manual pages, the code follows style guidelines, and its developers do really believe in free software, refusing to write NDAs with hardware vendors where others pull their pants down.

The base system has a partition reserved in my Laptop. Looking forward to upgrade to 4.3.

If you don't like Theo, go swim with Puffy.

Reply Score: 18

RE[2]: Hm
by Doc Pain on Thu 1st May 2008 01:58 UTC in reply to "RE: Hm"
Doc Pain Member since:
2006-10-08

I won't go into detail regarding any insults, but I'd like to comment on your following statement:

The documentation is awesome, you can actually get things working by reading the manual pages, the code follows style guidelines, [...]


This is what I really like about OpenBSD and the "three big BSDs" in general (OpenBSD, FreeBSD, NetBSD). The developers do really take the time to write excellent manpages. Everything in the OS is documented, from the system utilities, the kernel interfaces, over the usual maintenance procedures up to library calls and file formats. Nearly everything within the OS has a manpage that is really helpful and, if may say this, written with the user in mind. No "no manpage availabe", "type --help for help" or "visit the Wiki on ... for more information" or "put this and that into google and see". No - everything is available just after install. This is how it should be.

You mentioned style guidelines, too. If you read the kernel and system sources, you will notice that they are very tidy, they contain comments and well intended identifiers. So even if you're a fan of modifying the source in order to get something special working, OpenBSD is very helpful here.

I can always applaude the OpenBSD developers. Great operating system, always a joy to use.

Reply Score: 22

v Acknowledge
by Hiawatha on Wed 30th Apr 2008 23:12 UTC
RE: Acknowledge
by Ophidian on Wed 30th Apr 2008 23:18 UTC in reply to "Acknowledge"
Ophidian Member since:
2007-01-17

No, the OpenBSD project takes any remote hole in a default install VERY seriously.

Reply Score: 9

This is great.
by Clinton on Wed 30th Apr 2008 23:16 UTC
Clinton
Member since:
2005-07-05

I like OpenBSD and often like to reminisce on its progress. I remember the 22st release on CD and 23th FTP release as though they happened a day ago.

Reply Score: 3

jace78
Member since:
2005-07-06

It is nice to see that changes made to ports in July 2006 made it into this release, or did my brain just stroke off there for a second?

Reply Score: 1

Long Live OpenBSD
by drcoldfoot on Thu 1st May 2008 00:48 UTC
drcoldfoot
Member since:
2006-08-25

Despite Theo's character, You must admit that he's the absolute best friend to the Open Community as we know.

Reply Score: 14

WPA
by jackson on Thu 1st May 2008 00:48 UTC
jackson
Member since:
2005-06-29

And, in related news, WPA is now part of OpenBSD -current (so it will be in 4.4 scheduled for release later this year). Many, but not all chipsets are supported, including Atheros and Intel, and more are coming.

I have tested it on my Thinkpad x40 and it works great. WPA is one thing I really wanted OpenBSD to have and now it's here.

Edited 2008-05-01 00:48 UTC

Reply Score: 7

RE: WPA
by kaiwai on Thu 1st May 2008 10:40 UTC in reply to "WPA"
kaiwai Member since:
2005-07-06

And, in related news, WPA is now part of OpenBSD -current (so it will be in 4.4 scheduled for release later this year). Many, but not all chipsets are supported, including Atheros and Intel, and more are coming.

I have tested it on my Thinkpad x40 and it works great. WPA is one thing I really wanted OpenBSD to have and now it's here.


Its terrible that it has taken this long; for something that is meant to be security orientated operating system, WPA seems very low on their priorities.

Reply Score: 3

RE[2]: WPA
by Oliver on Thu 1st May 2008 22:19 UTC in reply to "RE: WPA"
Oliver Member since:
2006-07-15

Because WPA _is_ low security.

Reply Score: 4

RE[3]: WPA
by 0brad0 on Fri 2nd May 2008 04:06 UTC in reply to "RE[2]: WPA"
0brad0 Member since:
2007-05-05

Because WPA _is_ low security.


WPA is, WPA2 is NOT.

Reply Score: 1

RE[2]: WPA
by Sunnz on Thu 1st May 2008 23:53 UTC in reply to "RE: WPA"
Sunnz Member since:
2008-04-09

VPN with some sort of strong software encryption such as Blowfish, AES, is preferred in the OpenBSD circles to secure any kinds of network connections, including WiFi... which usually secures the IP packets at layer 3... which means, you can effectively transmit data securely over an unsecure WiFi data link (layer 2)... therefore, it was not a priority for OpenBSD dev to secure layer 2 such as WPA.

Last time Theo written about WPA in misc was that WPA has become an accessibility problem rather than security. People use OpenBSD on their laptop would like to be able to access a WPA AP at a coffee shop.

Reply Score: 2

RE[3]: WPA
by 0brad0 on Fri 2nd May 2008 04:22 UTC in reply to "RE[2]: WPA"
0brad0 Member since:
2007-05-05

VPN with some sort of strong software encryption such as Blowfish, AES, is preferred in the OpenBSD circles to secure any kinds of network connections, including WiFi... which usually secures the IP packets at layer 3... which means, you can effectively transmit data securely over an unsecure WiFi data link (layer 2)... therefore, it was not a priority for OpenBSD dev to secure layer 2 such as WPA.


It was not a priority because the people working on the net80211 layer were not using Wifi in the real world so they didn't care. This has since changed. Recommending the use of IPsec was only a workaround for your own network and it is not realistic to recommend the use of IPsec for everyone trying to connect to your AP anyway.

Last time Theo written about WPA in misc was that WPA has become an accessibility problem rather than security. People use OpenBSD on their laptop would like to be able to access a WPA AP at a coffee shop.


I cannot find any such comment from Theo and if he did it would have been about WPA and not WPA2. Anyway, this goes way beyond just coffee shops. WPA is in use everywhere.

Reply Score: 1

RE[4]: WPA
by Sunnz on Sat 3rd May 2008 11:17 UTC in reply to "RE[3]: WPA"
Sunnz Member since:
2008-04-09

Recommending the use of IPsec was only a workaround for your own network and it is not realistic to recommend the use of IPsec for everyone trying to connect to your AP anyway.


Huh? I don't see why not. I personally use OpenVPN on my AP and I had guest coming in with Win/Mac/Lin/BSD laptops and it all works fine.

"Last time Theo written about WPA in misc was that WPA has become an accessibility problem rather than security. People use OpenBSD on their laptop would like to be able to access a WPA AP at a coffee shop.


I cannot find any such comment from Theo and if he did it would have been about WPA and not WPA2. Anyway, this goes way beyond just coffee shops. WPA is in use everywhere.
"

Well that just proves the point, people want WPA support so that they can connect to WPA Access Points.

Edited 2008-05-03 11:19 UTC

Reply Score: 1

RE[5]: WPA
by 0brad0 on Sat 3rd May 2008 23:06 UTC in reply to "RE[4]: WPA"
0brad0 Member since:
2007-05-05

Huh? I don't see why not. I personally use OpenVPN on my AP and I had guest coming in with Win/Mac/Lin/BSD laptops and it all works fine.


IPsec != OpenVPN. I don't want to setup VPNs of any kind to workaround the real problem. Now that it has been resolved everyone is happy.

Well that just proves the point, people want WPA support so that they can connect to WPA Access Points.


And what is your point? You're not stating anything that is new.

No one has denied that there was not a purpose to WPA support, but developers that write the appropriate code and developers which have the time to do so do not appear out of thin air.

Reply Score: 1

RE[6]: WPA
by Sunnz on Sun 4th May 2008 09:49 UTC in reply to "RE[5]: WPA"
Sunnz Member since:
2008-04-09

IPsec != OpenVPN.
I never said that, that's why I used the term VPN in my original comment. IPsec is not the only VPN that you can use on OBSD, and you shouuld already know that.

I don't want to setup VPNs of any kind to workaround the real problem. Now that it has been resolved everyone is happy.


If you don't want to use it that's fine. I am not here to start a WPA vs VPN war.

That however doesn't show how it is unrealistic to use VPN to join my AP, when it actually just works in the real world.

And what is your point? You're not stating anything that is new.
And you think you are stating anything new? You were just merely repeating my point. I don't see what you are arging about here.

Reply Score: 1

RE[2]: WPA
by 0brad0 on Fri 2nd May 2008 04:05 UTC in reply to "RE: WPA"
0brad0 Member since:
2007-05-05

Code does not come out of thin air. It requires developers interested and willing to write the code.

Reply Score: 1

23nd and 24rd
by Googol on Thu 1st May 2008 07:53 UTC
Googol
Member since:
2006-11-24

and then the first comment goes on to say: 22st

I have nothing to add ;)

Reply Score: 0

RE: 23nd and 24rd
by Clinton on Thu 1st May 2008 20:39 UTC in reply to "23nd and 24rd "
Clinton Member since:
2005-07-05

I said 22st AND 23th. I was being sarcastic due to the two errors in the original. It's not very fun if I have to spell that out for people though. ;)

Reply Score: 2

Any support for virtualization ...
by dindin on Thu 1st May 2008 15:14 UTC
dindin
Member since:
2006-03-29

Does OpenBSD support any kind of virtualization for server consolidation? It seems all the current options are available only for Linux - be it for server or desktop. Currently testing NetBSD/Xen but would like to see something along the lines of KVM for Linux.

Reply Score: 1

amit Member since:
2006-02-13

Does OpenBSD support any kind of virtualization for server consolidation? It seems all the current options are available only for Linux - be it for server or desktop. Currently testing NetBSD/Xen but would like to see something along the lines of KVM for Linux.


I remember reading an interview of Theo somewhere and he pretty much said that virtualization was useless. Although most vendors tout the improved security, Theo actually argues otherwise.

It is a very interesting read and I must say after reading it, I do doubt the advantages of virtualization.

Some points I remember:

* He argues about the insecurity virtualization hardware technology included in Intel/AMD chips today.

* I will try to find link for that.

But to cut a long story short, I don't see OpenBSD supporting virtualization at all.

Reply Score: 3

lteo Member since:
2007-03-25

But to cut a long story short, I don't see OpenBSD supporting virtualization at all.


OpenBSD does support some virtualization with qemu for example.

http://www.openbsd.org/4.3_packages/i386/qemu-0.9.0p1-kqemu.tgz-lon...

There was a Google SoC project for OpenBSD/xen at some point, but it looks like it was never finished.

http://anil.recoil.org/blog/articles/2006/08/21/openbsd-xen-boots-m...

Reply Score: 2

Oliver Member since:
2006-07-15

>Although most vendors tout the improved security

Like Vmware, Xen etc. Guess why? It's their business. But there are many people denying the usability of virtualization. Furthermore Theo isn't God, if _he_ doesn't like something, it doesn't mean it will never make it in the system. So this isn't Linux with its dictatorship.

Reply Score: 1

Grammar error
by rohandhruva on Thu 1st May 2008 15:28 UTC
rohandhruva
Member since:
2008-02-05

The blurb on OSNews says --

"This is our 23nd release on CD-ROM "

shouldn't it read 23rd and not 23"nd"?
I have checked, it's an OSNews error, not error at source - http://marc.info/?l=openbsd-announce&m=120959605703777&w=2

Reply Score: 2

Better file system support?
by irbis on Thu 1st May 2008 17:14 UTC
irbis
Member since:
2005-07-08

I can't remember now, so what again are the exact reasons why OpenBSD still uses the old UFS as its file system? Why no support for UFS2?

Also support for other file systems is relatively limited (ext2, FAT, ISO 9660, NFS, NTFSb4 (read only), AFS, others?) in OpenBSD when compared to other BSDs too. See, for example, here: http://en.wikipedia.org/wiki/Comparison_of_BSD_operating_systems#Te...

I wonder if there are plans to implement better support for more advanced file systems too (something like ZFS and journaled "Linux" file systems, etc.)?

Reply Score: 2

RE: Better file system support?
by lteo on Thu 1st May 2008 18:08 UTC in reply to "Better file system support?"
lteo Member since:
2007-03-25

I can't remember now, so what again are the exact reasons why OpenBSD still uses the old UFS as its file system? Why no support for UFS2?


It is supported, just not enabled by default: http://marc.info/?l=openbsd-misc&m=120560624005291&w=2

I wonder if there are plans to implement better support for more advanced file systems too (something like ZFS and journaled "Linux" file systems, etc.)?


I doubt ZFS will ever make it into the system due to its license and porting difficulties, e.g. http://marc.info/?l=openbsd-misc&m=113233984014141&w=2

Reply Score: 1

RE[2]: Better file system support?
by irbis on Fri 2nd May 2008 07:57 UTC in reply to "RE: Better file system support?"
irbis Member since:
2005-07-08

It is supported, just not enabled by default: http://marc.info/?l=openbsd-misc&m=120560624005291&w=2

Great. Anyway (and sorry for my ignorance), but does that mean that OpenBSD can also be installed using UFS2 instead of of the older UFS now?

Reply Score: 2

lteo Member since:
2007-03-25

Great. Anyway (and sorry for my ignorance), but does that mean that OpenBSD can also be installed using UFS2 instead of of the older UFS now?


Well, "no and yes."

You can't install it from the default bsd.rd ramdisk installer program because it's not compiled into bsd.rd (because bsd.rd is stripped down and does not include UFS2).

However you can create UFS2 filesystems after installation. And I *believe* that if you hack and create your own bsd.rd you might be able to get it to create UFS2 filesystems directly from the installer. However, as otto@ mentioned in his mailing list post, "The boot media and boot loader do not support FFS2." So that sounds like at least the boot filesystem must be UFS, and the rest can be UFS2.

Personally I've only tried creating FFS2 filesystems after installation (e.g. I used it as my /home for example).

And no, I won't pretend that I know if UFS2 == FFS2 and all its intricacies. ;)

Reply Score: 1

RE: Better file system support?
by Oliver on Thu 1st May 2008 22:26 UTC in reply to "Better file system support?"
Oliver Member since:
2006-07-15

Why? Journaling isn't anything better than e.g. softupdates, it's just a different approach. And ZFS is nonsense, it's a resource-hog.

Reply Score: 2

RE[2]: Better file system support?
by irbis on Fri 2nd May 2008 08:11 UTC in reply to "RE: Better file system support?"
irbis Member since:
2005-07-08

Why? Journaling isn't anything better than e.g. softupdates

You may be quite right with that. But I was also just talking about read-only (and maybe edit) support too. If, for example, you had both Linux and OpenBSD installed on the same PC, you would like to have read support for your Linux home folder, that would probably use some journalled file system like ext3 or 4, Reiser etc.). What is the state of that kind of file system support in OpenBSD?

ZFS is nonsense, it's a resource-hog.

Well, every file system has its pros and cons, but I think you are not giving ZFS all the credit it could deserve. Anyway, ZFS was only one example of a so-called modern and advanced file system. There are, of course, other alternatives too.

Reply Score: 2

lteo Member since:
2007-03-25

You may be quite right with that. But I was also just talking about read-only (and maybe edit) support too. If, for example, you had both Linux and OpenBSD installed on the same PC, you would like to have read support for your Linux home folder, that would probably use some journalled file system like ext3 or 4, Reiser etc.). What is the state of that kind of file system support in OpenBSD?


OpenBSD has its own ext2 implementation, so you can mount and read/write to ext2 filesystems. Since ext3 is just ext2 with a journal, you can access ext3 too (though I don't know what happens to the state of the journal if you write files to the ext3 filesystem).

I don't think ext4 is supported. Reiser and XFS are definitely not supported, since there are no BSD-licensed implementations of either of them. There is an "xfs" directory in the OpenBSD sources, but that has something to do with AFS, not SGI's XFS.

Reply Score: 1

RE: Better file system support?
by 0brad0 on Sat 3rd May 2008 00:07 UTC in reply to "Better file system support?"
0brad0 Member since:
2007-05-05

I can't remember now, so what again are the exact reasons why OpenBSD still uses the old UFS as its file system? Why no support for UFS2?


OpenBSD has had support for UFS2 for the last two releases.

Also support for other file systems is relatively limited (ext2, FAT, ISO 9660, NFS, NTFSb4 (read only), AFS, others?) in OpenBSD when compared to other BSDs too. See, for example, here: http://en.wikipedia.org/wiki/Comparison_of_BSD_operating_systems#Te...


The only filesystem I see that looks interesting from a client perspective is SMBFS. The other filesystems are not under a decent license and as is are extremely experimental/buggy, crippled (read-only) and not supported out of the box.

I wonder if there are plans to implement better support for more advanced file systems too (something like ZFS and journaled "Linux" file systems, etc.)?


Not even a chance without code under a decent license.

Reply Score: 1

It'd be nice...
by laserface on Fri 2nd May 2008 22:39 UTC
laserface
Member since:
2008-04-07

...to have a release where folk don't pop on every forum in existence and spew their uninformed opinion about Theo for once.

From what I've read, at the most I'd say Theo is stubborn, can be quite harsh, and is most often frank. Usually the receiver deserved what they got and came after him in the first place. Theo really goes to bat for what he believes in and we all benefit from it. I'd rather have a leader like him who cuts the crap and gets right down to it.

Don't like it? Don't like Theo? Don't use it. Simple.

Reply Score: 2

openbsd
by happycamper on Mon 5th May 2008 12:40 UTC
happycamper
Member since:
2006-01-01

congrats, for another great OpenBSD release. One of the areas i love about OpenBSD is the great documentation that is available; it's well written. I'm placing an order.

Reply Score: 2