Home > OpenBSD > OpenBSD 3.4beta Tagged on CVSOpenBSD 3.4beta Tagged on CVS Eugenia Loli 2003-08-12 OpenBSD 29 CommentsOpenBSD 3.3-current now turns 3.4-beta, as the cvs log says. More info at Deadly.org. About The Author Eugenia LoliEx-programmer, ex-editor in chief at OSNews.com, now a visual artist/filmmaker.Follow me on Twitter @EugeniaLoli 29 Comments 2003-08-12 4:42 pm Good job by OpenBSD people.Curious about changes? Well the list is huge… seehttp://www.openbsd.org/plus.htmlHope they keep up the good work, even though DARPA pulled it’s financial support 2003-08-12 5:59 pm “Sync the SMP branch to 3.3.”Mmmmmm… toasty! I’m a FreeBSD person myself (although I’m still new to it), but perhaps I’ll give OpenBSD a try now. 2003-08-12 7:18 pm I was looking at OpenBSD for long before trying it out. I bought a cd kit last month and play with it since.And what I can say is : It’s damn good…Ok, we forget everything that is user-friendly ( and when I talk about user-friendly, it’s a good GUI easy to use ). But everything is simple to do. You just need to read a bit.And when your server is up, you can sleep at night without fear of being hacked. But you must put some effort of yours to achieve this.And I think it’s the point of OpenBSD : dont’ make thing too easy that wuser can sort it out. With this, you must search a bit, and understand more the system. And by that, you know more what you’re doing. You dont just click there and there and say : “Wow, my system is now “secure””. 2003-08-12 8:54 pm And when your server is up, you can sleep at night without fear of being hacked. But you must put some effort of yours to achieve this.Ok, I guess you have just discover what a sysadmin task really _IS_.Can you tell me how to secure something without putting effort? Im terribly curious! =)Well, BTW OpenBSD definetly rules, not because of its secure thingie but of its pureness as a simple and rock solid server OS…Ah!, and talking about rock things, dont forget to check outthe new gamma version of ROCKLinux 2.0cya 2003-08-12 8:56 pm I’ve been using obsd for a couple years now and it just keeps getting better and better. The changelogs alone prove how the obsd codemonkeys go at it like rabid dogs to keep the source rock solid. I’ll take this type of perfection and purely functional OS over others with new and unstable code, fancy guis, and support for the latest and greatest hardware any day. 2003-08-12 9:12 pm > I’ll take this type of perfection…over others with…> support for the latest and greatest hardware any day.Aye, if Linux’s developers would spend as much time working on the quality and organization of their code as supporting buzz features it might be comparable to the BSDs. Long live BSD! 2003-08-12 9:41 pm for a long time (i haven;t looked recently) their ipsec stack and theit ike daemon was th ebest out there amongst the free software. i’m sure some commercial products used it too.this is good stuff and i’m grateful that some people are doing this stuff: if they’re reading this: your work is appreciate it – and long may you enjoy doing it! 2003-08-12 9:47 pm OpenBSD rocks ! Thanks all geeks from the camp for having a fucking cool time. Developers keep up the good work for the most secure system in the world !By the way: HUMPA HUMPA HUMPA ! 2003-08-13 1:11 am chrootstrap,I’ve seen other references to things in Linux such as lack of quality and organization of their code. Can you elaborate? I’m trying to decide if I want to learn Linux or BSD (for server deployments).Thanks! 2003-08-13 1:30 am They are both very similar. And you will be using the same programs (apache,etc) on them, so pick whatever you want.and that “lack of quality and organization” is bull.First, that refers to the kernel, not the whole system, and second, there are so many more linux developers than BSD ones, that its impossible to get the same level of organization. 2003-08-13 1:37 am chrootstrap,I’ve seen other references to things in Linux such as lack of quality and organization of their code. Can you elaborate? I’m trying to decide if I want to learn Linux or BSD (for server deployments).Thanks!I’m not chrootstrap, but my answer is this:The BSD code base is directly descended from the original UNIX source code, and is by far the most mature family of free operating systems (the code base spans DECADES) compared to Linux which is a written from scratch clone of UNIX, whose kernel dates back to 1991, and whose userland is only a few years older than that (the GNU project http://www.gnu.org/ )Also, BSD tends to be more integrated, as the userland and kernel are developed by the same team of developers.As far as which one to learn for a server, well the answer to that is “it depends”Both are very solid operating systems, each with various advantages.Linux tends to support newer technologies and hardware, and has much better third party supportOTOH, BSDs tend to be more secure, and slightly more stable, they are also easier to manage once you get the hang of them (due to excellent engineering, consistency, and documentation), despite lacking GUI administration toolsIt all boils down to this, do you need Java, Oracle, DB2, etc.? or is uptime, security, and ease of administration more important?To be honest, I’d recommend D/Ling and trying both…the prices are right Use whatever is most comfortable for you and most suitable for the task at hand, both are similar enough that you should be able to switch between them with ease. 2003-08-13 2:04 am Hello, Dashslap. What I was commenting on was Linux, the kernel, in comparison to the kernels of the three widely-used free BSD operating systems. The BSD kernels are derived from the same parent (and each other to an extent) and are quite similar as can be seen by examining their sources:http://www.openbsd.org/cgi-bin/cvsweb/src/sys/http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/For that matter, the BSD portion of Darwin’s kernel, xnu, is also much like this. I have not contributed to these kernels, or Linux, but, I have used them to write device drivers and making certain changes for performance and embedded scenarios. In my honest opinion, the Linux kernel lacks organization, consistency of quality and style, and overall beauty.Following the linux-kernel mailing list, I see frequent flame wars, little regard for backwards compatibility in new features (making them more difficult to back-port modularly), and, perhaps most characteristically, a rigid hierarchy of decision backed much more by ego and pretense than by objective reasoning. This is especially visible in the often unreasonable declarations of “King” Linus who has, in my opinion, very little regard for democracy and collectivism in the development of what he refers plainly to as “his” kernel. And, it is this very attitude that, in my opinion, has contributed the most to the ugliness of the Linux kernel.As to what to use for a server, if all of the applications you need are available on both Linux and the BSD (perhaps through its Linux emulation) that you are evaluating, I think you should definitely consider the BSDs as they are much more mature and, historically, more secure. But, with the right Linux distribution, you aren’t likely to have many more problems than with a BSD. I always liked the Potato (stable) releases of Debian Linux, but, even newer distros such as Trustix are fine for most servers. Having a good port/package update mechanism is important, though.Most server admins don’t have to worry too much about what their kernel is and just focus on the applications. But, seeing as OpenBSD is a full fledge distribution with applications, etc, that has, since its inception 7 years ago, focused on security, I would highly recommend it.Best wishes! chrootstraphttp://dom.neopoleon.com 2003-08-13 2:05 am “The BSD code base is directly descended from the original UNIX source code,”Nope, it comes from the orginal Berkeley code, there is no AT&T in it after the whole lawsuit fiasco in the 80s. The utilities are also different, so people who are used to SystemV may be lost in a BSD system. Linux does its own thing so it does not adhere to SYSV strictly but it is far more affine to SysV than BSD (which is fine because BSD never intended to bet SysV alike)“compared to Linux which is a written from scratch clone of UNIX, whose kernel dates back to 1991, and whose userland is only a few years older than that”Most BSD’s userland is also based on GNUs too, grated they get around using some of their own tools and libs, but they still depend on certain gnu part *cough* gcc *cough* 2003-08-13 2:28 am Nope, it comes from the orginal Berkeley code, there is no AT&T in it after the whole lawsuit fiasco in the 80s. The utilities are also different, so people who are used to SystemV may be lost in a BSD system. Linux does its own thing so it does not adhere to SYSV strictly but it is far more affine to SysV than BSD (which is fine because BSD never intended to bet SysV alike)This is wrong. Take a gander through the source. Not all the AT&T code was removed. Some was licensed under a BSD-style license. The standard example of finding AT&T in the BSD code is the file init_main.c. You can view it at http://www.openbsd.org/cgi-bin/cvsweb/src/sys/kern/init_main.cIn fact very little code was actually removed considering how bsd originated. Although the rumor-mongers will tell you that this was because it came out that AT&T was pirating Berkeley code. That of course is just a rumor. 2003-08-13 2:29 am Oops, that was not formatted quite right. Oh well, it should be obvious the first paragraph is what I was replying too. 2003-08-13 2:37 am I’ve found the history of BSD really interesting. There are a number of posts on it on the web, and even in the manuals of some of the OS’s, but. does anyone know of a good book that tells the tale and is up-to-date enough to cover the free BSDs? 2003-08-13 2:40 am I know you must put effort in securising every system.But with OpenBSD, the effort really worth it. And it’s much a one time effort. When a patch come out, it’s tested, you apply it and everything work well. So easy.With Windows, when a patch come out, it’s so so tested, you apply it and something dont work now. You find another patch that fix that and it broke somethings else. It’s not like that everytime, but it occurs too many time for me…And no, I just dont discover what sysadmin IS… I administer my personnal server like if it was a company server, apply the patch when it comes out, audit the security, etc 2003-08-13 3:07 am I tried FreeBSD, about three years ago, and I tried NetBSD and OpenBSD about two years also. And all that I can tell about *BSD is their’s so cool! Are well-done.I’m sysadmin at an ISP, and it has a performance very damn good! The *BSD are in all the best O.S. for servers available right now. Really. It has all that I need. Perl/Shell scripting for maintenance? You ask for it, and you got it!! Fast and reliable performance as web or ftp server? Simply the best. Security? Ye have kernel built-in security levels. Upgrading the software? The ports tree are the damn best updating tool that i’ve seen. and it’s portable!! Damn! Even working with wireless and building a FreeBSD AP is really cool!!!And thanks to those guys at the BSD communities, we have simply the best. It really make me smile.BSDero 2003-08-13 3:23 am Part of the lawsuit meant that BSD had to remove all AT&T code, most of the BSD code is BSD not SysV, although SysV may have gotten BSD code in it.This is why you can not call BSD a Unix anymore In this sense BSD and Linux are the same i.e. they are not unices. 2003-08-13 4:17 am Part of the lawsuit meant that BSD had to remove all AT&T code, most of the BSD code is BSD not SysV, although SysV may have gotten BSD code in it.This is why you can not call BSD a Unix anymore In this sense BSD and Linux are the same i.e. they are not unices.Actually, it turned out that the SysV and BSD codebases were equally infected with each others code (there was a lot of BSD derived code in SysV that was not properly marked as such).Thus, much, but not all of the existing SysV code was removed from BSD to create the BSDLite releases. However, there IS still SysV code in all of the BSDs, and I can assure you there’s BSD code in all but the earliest commercial Unices.BSD’s lack of “official” UNIX status has little to do with it’s heritage and everything to do with the fact that nobody has bothered to pay the open group to have it certified. In fact, one can create a UNIX from scratch and have it certified without containing a single line of SysV derived code.In fact, if you look at http://opengroup.org/ several “UNIXes” in fact, aren’t “UNIXes” 2003-08-13 4:29 am Well, if we’re not talking official, SCO is saying that theres plenty of real UNIX in linux. 😉And they were not “equally infected”, there was a little bit of SysV in BSD, and that was removed. There was LOTS of BSD in UNIX, and its still there, probobly. 2003-08-13 1:11 pm >>Following the linux-kernel mailing list, I see frequent flame wars, little regard for backwards compatibility in new features (making them more difficult to back-port modularly), and, perhaps most characteristically, a rigid hierarchy of decision backed much more by ego and pretense than by objective reasoning. This is especially visible in the often unreasonable declarations of “King” Linus who has, in my opinion, very little regard for democracy and collectivism in the development of what he refers plainly to as “his” kernel. And, it is this very attitude that, in my opinion, has contributed the most to the ugliness of the Linux kernel.Um, it *is* his kernel – Linus > Linux. Der. So yeah, lack of democracy? He has final say but he doesn’t exactly check over every line of code himself, he has plenty of people in charge of various subsystems who do the bulk of the work. How does any of that factor into quality? I’m not a programmer so I cannot objectively claim one way or another, but I have been using Linux for a number of years now and quality has never been an issue for me. Its only come crashing down on me under two conditions – 1) bad hardware or 2) development kernel. Else the things damn stable. Security? Thats becoming less and less of an issue, 2.6 will have the NSA’s secure linux patches in it. Among various other improvements.For the record I dig BSD and run NetBSD on my old Sparc, so there. 2003-08-13 2:44 pm Hello, Christopher X.> Um, it *is* his kernel – Linus > Linux. Der. So yeah, lack of> democracy? He has final say but he doesn’t exactly check over every> line of code himself, he has plenty of people in charge of various> subsystems who do the bulk of the work. How does any of that> factor into quality?Linus has not contributed anywhere near a majority of code to the kernel, nor, even a substantial minority. Thousands of people have worked on the kernel, making it what it is Today, yet, Linus doesn’t seem to consider this significant, not only in terms of the ownership of Linux, but, in terms of the responsibilities his authority holds.Linus regularly makes divisive decrees without anything approaching a consensus or majority approval, such, as the use of the BitKeeper SCM system. This is also true about well-backed technical facets, which Linus often deigns either “brain-dead” or other totalist labels. I certainly think that he is entitled to his opinion about these matters and that he should be able to express himself. But, the real question is whether his opinion is really so much more important in the development of Linux than the collective opinions of the hundreds of regular kernel contributors.As for quality, the lack of objectivity in the development process makes a lot of code inclusion based on playing nicely with Linus. Dozens of times I have seen techincal arguments erupt about whether something should be included and have them “resolved” by a final, “This is the way Linus said he wanted it.” Looking back at things like Linus’ arguments with Tanenbaum and his categorical dismissal of microkernels as ivory-tower, academic toys (a strange argument for young student with very little real-world experience), the sequent inclusion of a module system, and, yet, the continued lack of serious in-kernel security mechanisms, I think that a lot of Linux was designed on hot-air rather than sound reasoning.Being aware of the current state of the 2.5 kernel and the suddle hurry to get it out as 2.6 for large-scale testing, I think that you may be surprised how unstable 2.6 will be, initially. I don’t think that the NSA patches will make any significant difference in security and I don’t think anyone is doing a serious audit (is there?) of the development kernel’s security before it is released.But, that’s just my opinion! chrootstraphttp://dom.neopoleon.com 2003-08-13 2:49 pm I’ve found the history of BSD really interesting. There are a number of posts on it on the web, and even in the manuals of some of the OS’s, but. does anyone know of a good book that tells the tale and is up-to-date enough to cover the free BSDs?http://www.oreilly.com/catalog/opensources/book/kirkmck.htmlA very good read, though it doesn’t cover the free BSDs.As for the rest of this discussion, the avg. level of clue is, as usual, through the floor. Neither Net- nor OpenBSD is in any way credible competitors to Linux, and even FreeBSD is starting to lag almost a kernel-generation behind wrt a lot of features important for high-end systems. This is a gap that is only going to get bigger, as the resource-gap continues to exist. 2003-08-13 3:04 pm >> I’ve found the history of BSD really interesting. There are a number>> of posts on it on the web, and even in the manuals of some of the >>OS’s, but, does anyone know of a good book that tells the tale and is >> up-to-date enough to cover the free BSDs?> http://www.oreilly.com/catalog/opensources/book/kirkmck.html > A very good read, though it doesn’t cover the free BSDs.Thank you for the link! 2003-08-13 3:06 pm Howdy again. 🙂Insofar as stability goes I’ve been running 2.5 since 2.5.53, and my machine is currentl booted into 2.6.0test3-mm1. Stability, for me, is a nonissue – especially with the latest test series. Weirdly enough this kernel is more stable on my hardware then 2.4 was, which would just randomly lockup (my chipset, I’m told). Whatever it was 2.6 fixes it.Linus, in my view, certainly has final say but isn’t as intimately involved in everything as you make it sound, most of the work is done by others – he merely reviews and accepts or denies. Insofar as ownership goes the author gets their credit, from the little code I’ve read of the Linux kernel everyone seems to be credited – Linus doesn’t just rubberstamp his name everywhere. Ego he has, but he’s not that bad. May I restate my its his project statement? I’d think the creator would have a decent about of control over his own project, don’t you? What about OpenBSD? Does Theo allow all that of a democratic process in its development? I think Theo plays a similar role as Linus, if not more ego driven.Insofar as internel security mechanisms me thinks thats changing, as per my NSA comment and in other areas as well. Insofar as a line-by-line audit ala OpenBSD, I’m not sure if thats happened – do the other BSD’s do that? I thought only OpenBSD did that. Correct me if I’m wrong.If I’m a bit defensive of Linux is probably because it was my first introduction to Unix and has remained my favorite flavor. I’ve tried all three BSD’s, Solaris, Irix (tho not longterm), SCO, and Mac OS X. Linux remains a favorite with FreeBSD a reasonably close second. Or maybe Solaris…*shrugs.* I’m no guru but I’d like to think I’m a few steps beyond newbie…Thanks for the reply,Laters,~Christopher 2003-08-13 3:32 pm Excuse me sir , but till you will make something comparablewith Linus, your opinion will cost nothing. Also i donot haveidea where did u read about “king”? May be we read different“lkml”? 2003-08-13 4:02 pm > Excuse me sir , but till you will make something comparable> with Linus, your opinion will cost nothing. Also i do not> have idea idea where did u read about “king”? May be we> read different “lkml”?Hello, Uman.I’m sorry, but, I do not find your argument tenable. Linus did not create Linux in total — in fact he has contributed a very small part of the actual code. I have _created_ private, commercial kernels, but, I find the idea that I must be the creator of something comparable to Linux in order to have a worthwhile opinion an unreasonable, fallacious argument. Perhaps my logic is incorrect. Perhaps I’m in error. I would much rather these, objective criteria be the basis for if evaluating my opinion than an ad hominum argument against my qualifications.I’m sorry if my use of quotation marks around “King” caused confusion. That was not a quotation of something said on lkml, but, was meant as ironic emphasis.Nonetheless, I hope you have a wonderful day! chrootstraphttp://dom.neopoleon.com 2003-08-13 9:25 pm “Insofar as a line-by-line audit ala OpenBSD, I’m not sure if thats happened – do the other BSD’s do that? I thought only OpenBSD did that. Correct me if I’m wrong.”FreeBSD did have an official auditing project a while ago, but it seems to have stalled. I am sure that there is some level of auditing in all of the BSDs, but from what I’ve seen, OpenBSD’s is by far the most proactive.